Hi all,
@stake has issued 3 security advisories in regard to OS X 10.2.8 and
below.
At this point the recommended fix is to upgrade to Panther. However,
@stake does offer a solution for the insecure file permissions problem.
(See advisory for more details.)
news.com has a story about it:
http://news.com.com/2100-1016_3-5098688.html?tag=nefd_top
@stake advisories:
http://www.atstake.com/research/advisories/2003/
http://www.atstake.com/research/advisories/2003/a102803-3.txt
Advisory Name: Long argv[] Buffer Overflow
Release Date: 10/28/2003
Application: Mac OS X
Platform: Mac OS X (10.2.8 and below)
Severity: Attacker can crash Mac OS X and possibly execute
commands as root
http://www.atstake.com/research/advisories/2003/a102803-2.txt
Advisory Name: Systemic Insecure File Permissions
Release Date: 10/28/2003
Application: Finder (and many others)
Platform: Mac OS X 10.2.8 and below
Severity: High
http://www.atstake.com/research/advisories/2003/a102803-1.txt
Advisory Name: Arbitrary File Overwrite via Core Files
Release Date: 10/24/2003
Application: Kernel
Platform: Mac OS X 10.2.8 and below
Severity: High
-lucas
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Wed Oct 29 08:37:04 2003
This archive was generated by hypermail 2.1.8 : Wed Oct 29 2003 - 08:37:04 PST