Apple Computer Inc. Information for VU#757612

Apache Portable Runtime contains heap buffer overflow in apr_psprintf()

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-06-12 Security Update 2003-06-12 Apache 2

Security Update 2003-06-12 is now available.  It contains fixes for the
following potential security issues for Mac OS X Server.  Mac OS X
client does not contain the issues being addressed by this software
update.

Apache 2.0:  Fixes CAN-2003-0245 by updating Apache 2.0.45 to 2.0.46 to
address a security hole in the mod_dav module that could be exploited
remotely causing an Apache Web server process to crash.  Apache 1.3 is
unaffected and is the primary web server on Mac OS X Server.  Apache
2.0 is installed with Mac OS X Server, but off by default.

dsimportexport:  Fixes CAN-2003-0420 where a logged-in user could
potentially view the name and password of the account running the
dsimportexport tool.

Security Update 2003-06-12 may be obtained from:

* Software Update pane in System Preferences

- OR -

* Apple's Software Downloads web site:

http://www.info.apple.com/kbnum/n120215
The download file is named: "SecurityUpd2003-06-12.dmg"
Its SHA-1 digest is: 1f8e101111ae059ebd6eaf91b69267808517b4a1


Information is also posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.