Re: MacOS X SoftwareUpdate Vulnerability

• Previous message: Adam Slattery: "sparc exploit for known solaris 8 kcms_configure overflow"
• In reply to: Russell Harding: "MacOS X SoftwareUpdate Vulnerability"
• Next in thread: Kurt Seifried: "Re: MacOS X SoftwareUpdate Vulnerability"
• Reply: Kurt Seifried: "Re: MacOS X SoftwareUpdate Vulnerability"
• Reply: Corey J. Steele: "Re: MacOS X SoftwareUpdate Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Am Sonntag den, 7. Juli 2002, um 06:21, schrieb Russell Harding:

> ----------------------------------------------------------------------------
>                     MacOS X SoftwareUpdate Vulnerability.
> ----------------------------------------------------------------------------
>
> Date:      July 6, 2002
> Version:   MacOS 10.1.X and possibly 10.0.X
> Problem:   MacOS X SoftwareUpdate connects to the SoftwareUpdate Server via
>            HTTP with no authentication, leaving it vulnerable to attack.
[...]
> Solution/Patch/Workaround:
[...]

A possible workaround:

System Preferences -> Software Update -> Update Software: [x] Manually
Donīt touch the "Update Now"-Button!

Look for updates on http://www.info.apple.com/support/downloads.html
Use trusted networks or http-to-mail gateway to get the files.

HTH,

Julian

• Next message: Olaf Kirch: "Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT"
• Previous message: Adam Slattery: "sparc exploit for known solaris 8 kcms_configure overflow"
• In reply to: Russell Harding: "MacOS X SoftwareUpdate Vulnerability"
• Next in thread: Kurt Seifried: "Re: MacOS X SoftwareUpdate Vulnerability"
• Reply: Kurt Seifried: "Re: MacOS X SoftwareUpdate Vulnerability"
• Reply: Corey J. Steele: "Re: MacOS X SoftwareUpdate Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 07:50:15 PDT