Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Apple Computer Inc. Information for VU#298233

Date Notified:
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

APPLE-SA-2003-03-24 Samba, OpenSSL

Security Update 2003-03-24 is now available. It contains fixes for
recent vulnerabilities in:

* OpenSSL: Fixes CAN-2003-0147, a timing attack on RSA keys.

* Samba: Fixes CAN-2003-0085 and CAN-2003-0086 which could allow
unauthorized remote access to the host system. The built-in Windows
file sharing in Mac OS X is based on Samba. Windows file sharing is
off by default in Mac OS X, but it is recommended that all users
install this Security Update.

Note: This update only applies the security fixes to the
currently-shipping 2.2.3 version of Samba on Mac OS X 10.2.4, and the
Samba version is otherwise unchanged. The presence of the following
file indicates that the update has been applied:
/Library/Receipts/SecurityUpd2003-03-24.pkg


Affected systems: Mac OS X 10.2.4 and earlier
Mac OS X Server 10.2.4 and earlier

System requirements: Mac OS X 10.2.4 or Mac OS X Server 10.2.4

Customers with earlier Mac OS X versions are encouraged to either
upgrade to Mac OS X 10.2.4, or visit the Samba and OpenSSL web sites
for information on the available fixes.

Security Update 2003-03-24 may be obtained from:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120199

To help verify the integrity of Security Update 2003-03-24 from the
Software Downloads web site:

The download file is titled: SecurityUpd2003-03-24.dmg
Its SHA-1 digest is: 0a80081453bca85493fcbaccd6adad222b41809e

Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPn+J9yFlYNdE6F9oAQLn5wgAovbpUeGt5l94+F0uo+bbF6Qfb/WVG5Kk
3sciromi3Jo/UnAGWyloFU/o1DZeyqqBgZiqGucwXC2T6M9mkIlf2qSFchkWcyBm
atau0h0ey1gd7KNrfXszwb41jxal4WqYw/rg2h0Dgf+gKZ+ZKd5DDFTuIbCu9jWO
vB7+mW3WJ2zopRjXwEwOTkZApq2wH0DEUbK+R3Qg7B0LvLwKnOK6ATHbN7p2Y7zi
itVYrEcNR5bPDBVu1rzv5TiwoqNrDjBpuuTRvekpK5eugXRCHXhjlZ+XimafvKrj
RwnD3zM+E+vPeDiEL0/dnY+sQ3zyadZxZO8NyFFtmOQEMj/ANeot/A==
=065h
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information