Andr0m3da
02-11-2003, 20:54
@stake has reported (*) two vulnerabilities that
affect Mac OS X 10.2.8 and earlier versions. The security implications of
these flaws range from crashing the system to running commands as root.

The first of these vulnerabilities can cause the Mac OS X kernel to crash
when a long command line argument is specified. When this happens, the
system will immediately block, without generating any log files or
displaying any error messages, and users will not be able to perform any
tasks. After several minutes, the computer will restart.

A more sophisticated exploit of this vulnerability could allow an attacker
to use an overflow in the kernel to run arbitrary commands as root, with
maximum privileges in the system.

The second flaw lies in the fact that many applications are installed in Mac
OS X with insecure permissions. This could allow a malicious user to
overwrite files and directories and obtain confidential information.

Until the patches for the different versions are released, users whose
computers are affected by these vulnerabilities can upgrade to Panther (Mac
OS X 10.3). More information at: http://www.apple.com/macosx/

(*) The @stake security advisories are published at:
http://www.atstake.com/research/advisories/2003/a102803-3.txt
http://www.atstake.com/research/advisories/2003/a102803-2.txt
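
A defender-side check for the second flaw described above, as an added example that is not part of the original post or the @stake advisories: it walks an application directory and lists every entry that any local user can modify. It assumes "insecure permissions" means the world-writable bit is set; the `Example.app` tree and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def find_world_writable(root):
    """Return sorted (relative_path, octal_mode, kind) for entries any user can modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a link out of the tree
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits do not control access
            if not st.st_mode & stat.S_IWOTH:
                continue  # not writable by "other"
            if stat.S_ISDIR(st.st_mode):
                # Sticky bit limits delete/rename to owners, but anyone can still add files
                kind = "dir-sticky" if st.st_mode & stat.S_ISVTX else "dir"
            else:
                kind = "file"
            mode = oct(stat.S_IMODE(st.st_mode))
            findings.append((os.path.relpath(path, root), mode, kind))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: an app bundle with one safe and two world-writable entries."""
    root = tempfile.mkdtemp(prefix="perm_audit_")
    contents = os.path.join(root, "Example.app", "Contents")
    os.makedirs(contents)
    for name, mode in {"tool": 0o755, "prefs.plist": 0o666}.items():
        path = os.path.join(contents, name)
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not mask the bits
    os.chmod(contents, 0o777)
    os.chmod(os.path.join(root, "Example.app"), 0o755)
    return root

if __name__ == "__main__":
    for rel, mode, kind in find_world_writable(build_sample_tree()):
        print(mode, kind, rel)
```

On a real system, point `find_world_writable` at the directory where applications are installed and review each hit against what the vendor package is supposed to ship.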