(Apple Issues Fix for OS X) FreeBSD ICMPv6 Processing Flaw Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1022210 |
|
SecurityTracker URL: http://securitytracker.com/id/1022210
|
|
CVE Reference:
CVE-2008-3530
(Links to External Site)
|
Date: May 13 2009
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 10.5.7
|
Description:
A vulnerability was reported in the FreeBSD kernel's IPv6 stack. A remote user can cause denial of service conditions. Mac OS X is affected.
A remote user can send a specially crafted ICMPv6 'Packet Too Big Message' to trigger a kernel panic.
Systems configured to process IPv6 packets that have active IPv6 TCP sockets are affected.
Tom Parker and Bjoern A. Zeeb reported this vulnerability.
|
Impact:
A remote user can cause the target system to crash.
|
Solution:
Apple has issued a fix (APPLE-SA-2009-05-12 Security Update 2009-002; and Mac OS X 10.5.7), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2009-002 or Mac OS X v10.5.7.
For Mac OS X v10.5.6
The download file is named: MacOSXUpd10.5.7.dmg
Its SHA-1 digest is: 0173995ad572f2bc11d802671136e5e5c1afe116
For Mac OS X v10.5 - v10.5.5
The download file is named: MacOSXUpdCombo10.5.7.dmg
Its SHA-1 digest is: 646fd1ac31c679c6a5aebe8ac74f190ab774cd38
For Mac OS X Server v10.5.6
The download file is named: MacOSXServerUpd10.5.7.dmg
Its SHA-1 digest is: 476b1f7c0e91eb8974eee84d9ee0f064964dce6d
For Mac OS X Server v10.5 - v10.5.5
The download file is named: MacOSXServerUpdCombo10.5.7.dmg
Its SHA-1 digest is: 20230891a42cb78ca38019527b708ef1549f61ae
For Mac OS X v10.4.11 (Intel)
The download file is named: SecUpd2009-002Intel.dmg
Its SHA-1 digest is: fc0143380efaf4aa7f320d1e2a84528c8e41a000
For Mac OS X v10.4.11 (PowerPC)
The download file is named: SecUpd2009-002PPC.dmg
Its SHA-1 digest is: 9e9b69c18450a1fa81484d7366a67ae97cfc52c7
For Mac OS X Server v10.4.11 (Universal)
The download file is named: SecUpdSrvr2009-002Univ.dmg
Its SHA-1 digest is: f0048c912ae939c1b5c95db5e843b4ee6cf60c21
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: SecUpdSrvr2009-002PPC.dmg
Its SHA-1 digest is: 525d90cc0d5bc00edd3f9a44e8447492a962f571
The Apple advisory is available at:
http://support.apple.com/kb/HT3549
|
Cause:
Input validation error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 13 May 2009 01:57:48 -0400
Subject: Mac OS X
|
Networking
CVE-ID: CVE-2008-3530
Available for: Mac OS X v10.5 through v10.5.6,
Mac OS X Server v10.5 through v10.5.6
Impact: A remote user may be able to cause an unexpected system
shutdown
Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to
report errors encountered while processing packets. An implementation
issue in the handling of incoming ICMPv6 "Packet Too Big" messages
may cause an unexpected system shutdown. This update addresses the
issue through improved handling of ICMPv6 messages.
|
|
