• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Apple MacOS X SecurityServer Daemon Local Denial Of Service Vulnerability

Severity: MODERATE

Description:

Apple MacOS X SecurityServer is a daemon implemented to provide authentication, keychain, authorization and other services for MacOS X.

Apple MacOS X SecurityServer has been reported prone to a denial of service vulnerability that may be triggered by a local user. The issue may be triggered under certain circumstances when a large passwordLength argument for a SecKeychainUnlock() call is specified after a locked keychain is unlocked.

It has been reported that this activity will cause the SecurityServer to crash, applications that depend on the functionality that SecurityServer provides may also crash or behave in an unstable manner. It has been reported that the affected system will require a reboot to restore normal functionality.

The server appears to crash during a memory copy operation inside of the sha1AddData() function (from the SHA1.c source file), potentially resulting in memory corruption. This could possibly allow for execution of arbitrary code, though this possibility has not been confirmed. If the SecurityServer were compromised by a local attacker, it could impact various system security properties.

Affected Products:

• Apple Darwin Streaming Server 4.1.2
• Apple Darwin Streaming Server 4.1.3
• Apple Mac OS X 10.0.0
• Apple Mac OS X 10.0.03
• Apple Mac OS X 10.0.1
• Apple Mac OS X 10.0.2
• Apple Mac OS X 10.0.3
• Apple Mac OS X 10.0.4
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.1
• Apple Mac OS X 10.1.2
• Apple Mac OS X 10.1.3
• Apple Mac OS X 10.1.4
• Apple Mac OS X 10.1.5
• Apple Mac OS X 10.2.0
• Apple Mac OS X 10.2.1
• Apple Mac OS X 10.2.2
• Apple Mac OS X 10.2.3
• Apple Mac OS X 10.2.4
• Apple Mac OS X 10.2.5
• Apple Mac OS X 10.2.6
• Apple Mac OS X 10.2.7
• Apple Mac OS X 10.2.8
• Apple Mac OS X 10.3.0
• Apple Mac OS X 10.3.1
• Apple Mac OS X 10.3.2
• Apple Mac OS X Server 10.0.0
• Apple Mac OS X Server 10.2.0
• Apple Mac OS X Server 10.2.1
• Apple Mac OS X Server 10.2.2
• Apple Mac OS X Server 10.2.3
• Apple Mac OS X Server 10.2.4
• Apple Mac OS X Server 10.2.5
• Apple Mac OS X Server 10.2.6
• Apple Mac OS X Server 10.2.7
• Apple Mac OS X Server 10.2.8
• Apple Mac OS X Server 10.3.0
• Apple Mac OS X Server 10.3.1
• Apple Mac OS X Server 10.3.2

References:

• Apple: Mac OS X Home Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.