| |
|
|
Apple Computer, Inc. Information for VU#333628
Vendor StatementApple: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the "ssh -V" command, is: OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
http://www.info.apple.com/kbnum/n120244 Mac OS X Client (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120245 Mac OS X Server (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120246 Mac OS X Server (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120247 US-CERT AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
 | |||||||||||||||||
 |
||||||||||||||||||||
