Title: Apple Mac OS X Multiple Vulnerabilities
Severity: CRITICAL
Description:
Apple Mac OS X 10.3 (Panther) has been released to address multiple new and previously known vulnerabilities. These issues may cumulatively allow an attacker to cause denial of service, arbitrary code execution, privilege escalation and unauthorized access.
The following specific vulnerabilities were reported to be addressed:
A design error (CAN-2003-0876) is reported to exist in the software that may allow an attacker to access sensitive information. This issue occurs because the software fails to preserve folder permissions when copying a folder from a mounted volume such as a disk image. This issue is described in more detail in BID 8916.
A problem (CAN-2003-0877) has been identified in Mac OS X during the creation of core files that may allow an attacker to access or overwrite sensitive files. This issue is discussed in further detail in BID 8914.
A vulnerability (CAN-2003-0878) is reported to exist when Personal File Sharing is enabled that may allow an attacker to gain elevated privileges. This issue occurs because the slpd daemon may create a file owned by root in the tmp directory. This could overwrite an existing file resulting in elevated privileges.
A denial of service and possible buffer overflow issue (CAN-2003-0895) has been reported in the software. This issue may allow an attacker to crash the operating system by supplying a long command line argument. Further details are provided in BID 8913.
An issue (CVE-2002-0701) has been reported to affect the software when ktrace is enabled through the KTRACE kernel option. This issue may allow a local attacker to gain access to sensitive information. The vendor has reported that currently no specific utility is vulnerable to this problem.
A denial of service issue (CVE-2002-0830) affecting nfs has been reported. This issue may allow a remote attacker to cause the system to hang by sending specific RPC messages.
Two possible vulnerabilities, in the zlib (CAN-2003-0107, BID 6913) and gm4 (CAN-2001-1411) utilities, are also reported; however, these do not affect the system at the moment. They could be the source of future vulnerabilities, though.
An OpenSSH issue (CAN-2003-0386) has been identified as well. This issue allows a remote attacker to access an OpenSSH server's login mechanism from an unauthorized host. Further details are available in BID 7831.
A problem (CAN-2001-1412) is reported that may allow an attacker to gain access to authentication information such as encrypted passwords.
A design error (CAN-2003-0883) is reported to exist in the software that may allow an attacker to gain access to secure Preference Panes without proper privileges.
An information disclosure issue (CAN-2003-0882) has been reported involving the TCP timestamp. It has been reported that the timestamp is always initialized with a constant number, which may allow an attacker to calculate how long a system has been running.
An issue (CAN-2003-0881) has been reported to exist in the Mac OS X Mail application. This issue presents itself when an account is configured to use MD5 Challenge Response. If an attempt to log in fails, the program switches to plain text passwords.
CAN-2003-0880 applies to an issue where keyboard access to Dock functions may still be possible from behind Screen Effects when Full Keyboard Access is enabled via the Keyboard pane in System Preferences. This issue is reportedly different from the issue discussed in BID 8912. BID 8912 is not addressed with this build of Mac OS X 10.3.
These issues are currently undergoing further analysis. Where appropriate, individual BIDs will be created to represent new issues and existing BIDs will be updated for previously known issues.
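Added example, not code from this advisory or from Apple: the file-creation weakness class behind the slpd item (CAN-2003-0878), shown next to a hardened form. The advisory does not give slpd's code or file name, so the `daemon.tmp` name, the sandbox directory and the unsafe open pattern are assumptions constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed weak pattern: predictable name, follows symlinks, truncates. */
int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if any entry, including a
 * symlink, already has that name, so a pre-planted link is never followed. */
int open_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Size of a file in bytes, or -1 on error. */
long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed sandbox: a 6-byte "victim" file and a pre-existing symlink
 * "daemon.tmp" pointing at it. Returns the victim's size after the open. */
long victim_size_after(int safe) {
    char dir[] = "/tmp/slpdemoXXXXXX";
    char victim[64], lnk[64];
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/daemon.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("secret", f);
    fclose(f);
    if (symlink(victim, lnk) != 0) return -2;
    int fd = safe ? open_safe(lnk) : open_unsafe(lnk);
    if (fd >= 0) close(fd);
    long size = file_size(victim);
    unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe open: victim is %ld bytes\n", victim_size_after(0));
    printf("safe open:   victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

For a daemon that needs a scratch file, `mkstemp()` in a directory only the daemon can write to avoids the predictable name altogether.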
Affected Products:
- Apple Mac OS X 10.0.0
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.1.0
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.2.0
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.7
- Apple Mac OS X 10.2.8
- Apple Mac OS X Server 10.0.0
- Apple Mac OS X Server 10.2.0
- Apple Mac OS X Server 10.2.1
- Apple Mac OS X Server 10.2.2
- Apple Mac OS X Server 10.2.3
- Apple Mac OS X Server 10.2.4
- Apple Mac OS X Server 10.2.5
- Apple Mac OS X Server 10.2.6
- Apple Mac OS X Server 10.2.7
- Apple Mac OS X Server 10.2.8