Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Apple Computer Inc. Information for VU#457875

Date Notified10/29/2002
Date Modified10/18/2004 11:01:49 AM
Status SummaryVulnerable

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server.

This is fixed in Security Update 2002-11-21.

US-CERT Addendum

-----BEGIN PGP SIGNED MESSAGE-----

Security Update 2002-11-21 is now available.  It contains BIND version
8.3.4
to address multiple potential vulnerabilities.

CVE IDs:  CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, CAN-2002-0029

Description:  Several of these vulnerabilities may allow remote
attackers
to execute arbitrary code with elevated privileges. The other
vulnerabilities
could allow remote attackers to disrupt the normal operation of DNS
name service
running on servers.

Further information is available at:
   http://www.cert.org/advisories/CA-2002-31.html
   http://www.kb.cert.org/vuls/id/457875

Affected systems:  Systems that have enabled BIND and are using
   BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3.

Mitigating Factors:  BIND is not enabled by default on Mac OS X or Mac
OS X Server

System requirements:  Mac OS X 10.2.2

If BIND is enabled on Mac OS X systems prior to 10.2.2, the
recommendation
is to either upgrade to Mac OS X 10.2 Jaguar then apply this Security
Update,
or to update BIND to version 8.3.4 from the ISC site at:
http://www.isc.org/products/BIND/bind8.html

Security Update 2002-11-21 may be obtained from:

   * Software Update pane in System Preferences (for 10.2.2 or later)

   * Apple's Software Downloads web site:
     http://www.info.apple.com/kbnum/n120169

    To help verify the integrity of Security Update 2002-11-21 from the
   Software Downloads web site, the download file is titled:
     SecurityUpd2002-11-21.dmg
     Its SHA-1 digest is:  9137fc5c1b8922475939ec93ab638494ff6e69be

Information will also be posted to the Apple Support website:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQEVAwUBPd62ayFlYNdE6F9oAQH3DQf+PJNRB5NlLZim8i7hr0ef/obrjGrQ/PNL
mpQ0bdgB7huFpUYw52YJcjIIFeI6XSgyP/QEEFfApy98y5CuEDXnC+raMniokD6D
L4A25nhRByyxOC5lziKjQKLDWIEktQGXSHYr9cq7oIuo66gAxdQbZrT/brubu9sI
p/4g7sO1CuD5P/31RZUdHizG5lbN8dRGNgeh59FYQhpdYMbflrSolFL0FyxVc6aQ
UwYbdnlt+wPiDqqWGL+YKv7GXV/XBk29mty6sLHqExx2bL8CH8ttUpZcFa8H+8VM
yBXHJ0pnsCPrX+Q32o93ibm3HASXG+JcOrIC1kzvqlldSUvni1w6Kw==
=/AHs
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information