Category:   Networking Stack (TCP/IP)  >   Mac OS X
Vendors:   Apple Computer
(Apple Issues Fix for Mac OS X) BSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service
SecurityTracker Alert ID:  1018273
SecurityTracker URL:  http://securitytracker.com/id/1018273
CVE Reference:   CVE-2007-2242   (Links to External Site)
Updated:  Jul 3 2007
Original Entry Date:  Jun 20 2007
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.4.x
Description:   A vulnerability was reported in IPv6, affecting OpenBSD and FreeBSD. A remote user can cause denial of service conditions. Mac OS X is affected.

A remote user can use IPv6 Type 0 route headers to conduct denial of service attacks against hosts and networks.

[Editor's note: The vendor indicates that this is a design flaw in IPv6 and not a flaw in OpenBSD.]
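
A receive-side check for the Type 0 routing header described above, as an added example; it is not Apple's or the BSD projects' patch and not part of the original advisory. The function names `ipv6_has_rh0` and `check_sample` and the sample packet are constructed for illustration. The walker follows the extension header chain and reports any routing header whose Routing Type is 0, treating a truncated chain as a drop as well.

```c
#include <stddef.h>
#include <stdint.h>
/* IPv6 Next Header values for the extension headers this walker understands. */
enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_AH = 51,
       NH_NONE = 59, NH_DSTOPTS = 60 };

/* 1 = Type 0 routing header present (drop), 0 = none found,
 * -1 = truncated or not IPv6 (also drop). */
int ipv6_has_rh0(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t next = pkt[6];              /* Next Header field of the fixed header */
    size_t off = 40, hdr_len;

    for (;;) {
        if (next != NH_HOPOPTS && next != NH_ROUTING && next != NH_FRAGMENT &&
            next != NH_AH && next != NH_DSTOPTS)
            return 0;                   /* upper-layer (or unknown) header: chain ends */
        if (len - off < 8)
            return -1;                  /* every extension header is at least 8 bytes */
        if (next == NH_ROUTING && pkt[off + 2] == 0)
            return 1;                   /* Routing Type 0, whatever Segments Left says */
        if (next == NH_FRAGMENT) {
            if ((((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8) != 0)
                return 0;               /* non-first fragment: payload follows, not headers */
            hdr_len = 8;
        } else if (next == NH_AH) {
            hdr_len = ((size_t)pkt[off + 1] + 2) * 4;   /* AH length is in 4-byte units */
        } else {
            hdr_len = ((size_t)pkt[off + 1] + 1) * 8;   /* Hdr Ext Len is in 8-byte units */
        }
        if (hdr_len > len - off)
            return -1;                  /* header claims more bytes than were received */
        next = pkt[off];
        off += hdr_len;
    }
}

/* Constructed sample: fixed header, Hop-by-Hop, routing header of type `rtype`
 * carrying one (all-zero) address, then No Next Header. `cut` trims the tail. */
int check_sample(uint8_t rtype, size_t cut)
{
    uint8_t p[72] = {0};
    p[0] = 0x60; p[5] = 32; p[6] = NH_HOPOPTS; p[7] = 64;
    p[40] = NH_ROUTING; p[41] = 0; p[42] = 1; p[43] = 4;   /* PadN with 4 bytes of padding */
    p[48] = NH_NONE; p[49] = 2; p[50] = rtype; p[51] = 1;  /* 24-byte routing header */
    return ipv6_has_rh0(p, sizeof p - cut);
}
```

A packet whose later fragments hide the rest of the chain is only fully checked after reassembly, so this test belongs on the reassembled datagram or alongside a fragment policy.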

Impact:   A remote user can cause denial of service conditions.
Solution:   Apple has released a fix (10.4.4) for Mac OS X, which is affected by this IPv6 vulnerability. Mac OS X v10.4.10 is available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.4.9 (PowerPC)
The download file is named: "MacOSXUpd10.4.10PPC.dmg"
Its SHA-1 digest is: 9894afbafcc1deb9c331bba2e847a0884059e6aa

For Mac OS X v10.4 (PowerPC) through v10.4.8 (PowerPC)
The download file is named: "MacOSXUpdCombo10.4.10PPC.dmg"
Its SHA-1 digest is: 7c40b6296b9a8a8845a776597a89a8795c391a19

For Mac OS X v10.4.9 (Intel)
The download file is named: "MacOSXUpd10.4.10Intel.dmg"
Its SHA-1 digest is: 0d3abab73af3370699bbe5389513511a1ba8b8fd

For Mac OS X v10.4.4 (Intel) through v10.4.8 (Intel)
The download file is named: "MacOSXUpdCombo10.4.10Intel.dmg"
Its SHA-1 digest is: d3e72724dccda1c10a3ed393a262145fba105f55

For Mac OS X Server v10.4.9 (PowerPC)
The download file is named: "MacOSXServerUpd10.4.10PPC.dmg"
Its SHA-1 digest is: 9901cfdb6f3dd3a01bdde43b8a3fbc2d1ebfc8b9

For Mac OS X Server v10.4 through v10.4.8 (PowerPC)
The download file is named: "MacOSXSrvrCombo10.4.10PPC.dmg"
Its SHA-1 digest is: 434334396f2cfd4b9e23124d7f00d5ca3a64fd03

For Mac OS X Server v10.4.7 through v10.4.9 (Universal)
The download file is named: "MacOSXSrvrCombo10.4.10Univ.dmg"
Its SHA-1 digest is: f46d19a88f0439f4dc91bc9c1217b60e681c5470

Systems prior to Mac OS X v10.4 are not affected.

On July 2, 2007, Apple released Version 1.1 of Mac OS X 10.4.10 Update that includes this fix as well as a separate non-security fix for Intel-based systems. Users that have not installed the original 10.4.10 update can install this new version 1.1 of the update. Users that have installed the original update can apply the non-security fix separately.

For Mac OS X v10.4.9 (Intel)
The download file is named: "MacOSXUpd10.4.10Intel.dmg"
Its SHA-1 digest is: 94ba0b3b7e400774fe2c8a8488115a39d3177e9f

For Mac OS X v10.4.4 (Intel) through v10.4.8 (Intel)
The download file is named: "MacOSXUpdCombo10.4.10Intel.dmg"
Its SHA-1 digest is: 40c81fba3b127a12aa519e27a3fa38904cb811b4

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=305712

Cause:   Resource error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Apr 23 2007 BSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service



 Source Message Contents

Date:  Wed, 20 Jun 2007 13:28:05 -0700
Subject:  APPLE-SA-2007-06-20 Mac OS X v10.4.10


APPLE-SA-2007-06-20 Mac OS X v10.4.10

Mac OS X v10.4.10 is now available and addresses the following
security issue.  Mac OS X v10.4.10 also provides additional
functionality changes, and information is available in its
release note.

Networking

CVE-ID: CVE-2007-2242

Available for: Mac OS X v10.4 through Mac OS X v10.4.9,
Mac OS X Server v10.4 through Mac OS X Server v10.4.9

Impact: Remote attackers may be able to adversely affect network
performance

Description: A design issue exists in the IPv6 protocol's handling of
type 0 routing headers. Depending on network topology and capacity,
the reception of specially crafted IPv6 packets may lead to a
reduction in network bandwidth. This update addresses the issue by
disabling the support for type 0 routing headers. This issue does not
affect systems prior to Mac OS X v10.4.

Mac OS X v10.4.10 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.9 (PowerPC)
The download file is named:  "MacOSXUpd10.4.10PPC.dmg"
Its SHA-1 digest is:  9894afbafcc1deb9c331bba2e847a0884059e6aa

For Mac OS X v10.4 (PowerPC) through v10.4.8 (PowerPC)
The download file is named:  "MacOSXUpdCombo10.4.10PPC.dmg"
Its SHA-1 digest is:  7c40b6296b9a8a8845a776597a89a8795c391a19

For Mac OS X v10.4.9 (Intel)
The download file is named:  "MacOSXUpd10.4.10Intel.dmg"
Its SHA-1 digest is:  0d3abab73af3370699bbe5389513511a1ba8b8fd

For Mac OS X v10.4.4 (Intel) through v10.4.8 (Intel)
The download file is named:  "MacOSXUpdCombo10.4.10Intel.dmg"
Its SHA-1 digest is:  d3e72724dccda1c10a3ed393a262145fba105f55

For Mac OS X Server v10.4.9 (PowerPC)
The download file is named:  "MacOSXServerUpd10.4.10PPC.dmg"
Its SHA-1 digest is:  9901cfdb6f3dd3a01bdde43b8a3fbc2d1ebfc8b9

For Mac OS X Server v10.4 through v10.4.8 (PowerPC)
The download file is named:  "MacOSXSrvrCombo10.4.10PPC.dmg"
Its SHA-1 digest is:  434334396f2cfd4b9e23124d7f00d5ca3a64fd03

For Mac OS X Server v10.4.7 through v10.4.9 (Universal)
The download file is named:  "MacOSXSrvrCombo10.4.10Univ.dmg"
Its SHA-1 digest is:  f46d19a88f0439f4dc91bc9c1217b60e681c5470

Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

Copyright 2012, SecurityGlobal.net LLC