[MACEP] New at ftp.mesd--Security Update 2005-003

John Bromley the.bromleys at verizon.net
Mon Mar 21 18:33:22 PST 2005 

The following files are new or updated in the /pub/mac directory of the 
FTP server located at:
  ftp://ftp.mesd.k12.or.us/pub/mac/.

Security Update 2005-003
ftp://ftp.mesd.k12.or.us:21/pub/mac/SecUpd2005003Pan.dmg
Security Update 2005-003 for Mac OS X v10.3.8
	▪ 	AFP Server
CVE-ID: CAN-2005-0340
  Impact: A specially crafted packet can cause a Denial of Service 
against the AFP Server.
  Description: A specially crafted packet will terminate the operation 
of the AFP Server due to an incorrect memory reference.


	▪ 	 AFP Server
  CVE-ID: CAN-2005-0715
  Impact: The contents of a Drop Box can be discovered.
  Description: Fixes the checking of file permissions for access to Drop 
Boxes. Credit to John M. Glenn of San Francisco for reporting this 
issue.


	▪ 	 Bluetooth Setup Assistant
  CVE-ID: CAN-2005-0713
  Impact: Local security bypass when using a Bluetooth input device.
  Description: The Bluetooth Setup Assistant may be launched on systems 
without a keyboard or a preconfigured Bluetooth input device. In these 
cases, access to certain privileged functions has been disabled within 
the Bluetooth Setup Assistant.


	▪ 	 Core Foundation
  CVE-ID: CAN-2005-0716
  Impact: Buffer overflow via an environment variable.
  Description: The incorrect handling of an environment variable within 
Core Foundation can result in a buffer overflow that may be used to 
execute arbitrary code. This issue has been addressed by correctly 
handling the environment variable. Credit to iDEFENSE and Adriano Lima 
of SeedSecurity.com for reporting this issue.


	▪ 	 Cyrus IMAP
  CVE-ID: CAN-2004-1011, CAN-2004-1012, CAN-2004-1013, CAN-2004-1015, 
CAN-2004-1067
  Impact: Multiple vulnerabilities in Cyrus IMAP, including remotely 
exploitable denial of service and buffer overflows.
  Description: Cyrus IMAP is updated to version 2.2.12, which includes 
fixes for buffer overflows in fetchnews, backend, proxyd, and imapd. 
Further information is available from 
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html.


	▪ 	 Cyrus SASL
  CVE-ID: CAN-2002-1347, CAN-2004-0884
  Impact: Multiple vulnerabilities in Cyrus SASL, including remote 
denial of service and possible remote code execution in applications 
that use this library.
  Description: Cyrus SASL is updated to address several security holes 
caused by improper data validation, memory allocation, and data 
handling.


	▪ 	 Folder permissions
  CVE-ID: CAN-2005-0712
  Impact: World-writable permissions on several directories, allowing 
potential file race conditions or local privilege escalation.
  Description: Secure folder permissions are applied to protect the 
installer's receipt cache and system-level ColorSync profiles. Credit 
to Eric Hall of DarkArt Consulting Services, Michael Haller 
(info at cilly.com), and (root at addcom.de) for reporting this issue.



	▪ 	Mailman
  CVE-ID: CAN-2005-0202
  Impact: Directory traversal issue in Mailman that could allow access 
to arbitrary files.
  Description: Mailman is a software package that provides mailing list 
management. This update addresses an exposure in Mailman's private 
archive handling that allowed remote access to arbitrary files on the 
system. Further information is available from 
http://www.gnu.org/software/mailman/security.html.



	▪ 	Safari
  CVE-ID: CAN-2005-0234
  Impact: Maliciously registered International Domain Names (IDN) can 
make URLs visually appear as legitimate sites.
  Description: Support for Unicode characters within domain names 
(International Domain Name support) can allow maliciously registered 
domain names to visually appear as legitimate sites. Safari has been 
modified so that it consults a user-customizable list of scripts that 
are allowed to be displayed natively. Characters based on scripts that 
are not in the allowed list are displayed in their Punycode equivalent. 
The default list of allowed scripts does not include Roman look-alike 
scripts. Credit to Eric Johanson (ericj at shmoo.com) for reporting this 
issue to us. More information is available here.



--------------------------

John Bromley
40405 SE Hwy 26
Sandy, OR 97055
(503) 668-3332

"Even if you're on the right track, you'll get run over if you just sit 
there." -----  Will Rogers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 4777 bytes
Desc: not available
Url : http://mailman.mesd.k12.or.us/pipermail/macep/attachments/20050321/c82095f3/attachment.bin

More information about the MACEP mailing list