Users of Apple Directory Services please be advised of a Memory Corruption vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
Apple-SA-11/11/2010: Apple Directory Services Memory Corruption - CVE-2010-1840
INTRODUCTION
chfn, chpass and chsh dos not properly parse authname switch ("-u"), which causes the applications to crash when
parsing a long string. Those binaries are setuid root by default.
This problem was confirmed in the following versions of Apple binaries and MacOS, other versions may be also affected:
Apple Mac OS X 10.5.8 32bits /usr/bin/chfn, /usr/bin/chpass, /usr/bin/chsh
Apple Mac OS X 10.6.2 64bits /usr/bin/chfn, /usr/bin/chpass, /usr/bin/chsh
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/91kg6E
No comments:
Post a Comment