Uočen je i otklonjen sigurnosni nedostatak paketa Apple Remote Desktop koji napadačima omogućuje pregled i otkrivanje potencijalno osjetljivih podataka.
Paket:
Apple Remote Desktop 3.x
Operacijski sustavi:
Apple Mac OS X 10, Apple Mac OS X 10.1, Apple Mac OS X 10.2, Apple Mac OS X 10.3, Apple Mac OS X 10.4, Apple Mac OS X 10.5, Apple Mac OS X 10.6, Apple Mac OS X 10.7
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-0681
Izvorni ID preporuke:
APPLE-SA-2012-08-20-1
Izvor:
Apple
Problem:
Problem se javlja prilikom spajanja na VNC poslužitelj kada je uključena opcija "Encrypt all network data".
Posljedica:
Prilikom korištenja paketa može doći do otkrivanja osjetljivih informacija.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1
Apple Remote Desktop 3.6.1 is now available and addresses the
following:
Apple Remote Desktop
Available for: Apple Remote Desktop 3.0 or later
Impact: Connecting to a third-party VNC server with "Encrypt all
network data" set may lead to information disclosure
Description: When connecting to a third-party VNC server with
"Encrypt all network data" set, data is not encrypted and no warning
is produced. This issue is addressed by creating an SSH tunnel for
the VNC connection in this configuration, and preventing the
connection if the SSH tunnel cannot be created. This issue does not
affect Apple Remote Desktop 3.5.1 and earlier.
CVE-ID
CVE-2012-0681 : Mark S. C. Smith studying at Central Connecticut
State University
Apple Remote Desktop 3.6.1 may be obtained from Mac App Store,
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The download file is named: "RemoteDesktopAdmin361.dmg"
Its SHA-1 digest is: dd41bab369c7905e79ff3b3adea97904f55d9759
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQMqP5AAoJEPefwLHPlZEwUy8P/3qgEUoJz4NnnJgeyo+3z7Wl
a2/b5yPx5ptTcZiGandRMlrDftbwbOkpwCwJrqIv4czXL5T1J08cxUAW0rN2PzWG
KXCkjYQMRBVQoQftrL8wqNCJW3pPMTz0CGfoPXt2g7cR+9YVFyIwa2PLCVfKOgds
Y8kqlNJXgYwvJC22I3IDRvohsTJi4PYfZnRad3rd97J2nMTNTtYBC7x3MSWXd+z1
dVEV9eBDzK1eovf6n1YrVPLapWOA3+4ssYVGZ+/J9JjfW0RnhXSFZ9Yxnq/j8Zoy
CbQKZ903ncWF/DbliIkGYByO+4Hol2g0ZnFqTeO7d4Dsnf9+AVHqEB1dJJmR6qK/
4TgNVP4IUDpJjemVPFwYI5tFuzsXsjv6MvrLQR1wnFme1691Lc6DOekda8ZWfiRU
taJlCBay9BuuoAtP7jG0T5ZU8nZLUGTCFY2ubs2IM9OBJr1MD7SYuODMwJeivVsv
Ut6jBCGUoo2bBlJpOoCYUnCSpk7OW368WYUHD0LsnqmUkaTtGgQiJuSOs1N9/3wy
4aEvaLak0xsquzDn7SE70lrNPBRBc4/Rliv9jXRSA+xwsK5Rqtji/LHRtWibaOHd
wI5Zyq8/7JtaUWrCrwhAbyUFd3lr7hZFFDERLgpQJkIn6cmS+O6FWi7835vkURIO
n8Cd6teIejPCfMpyd9pf
=PSaI
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advisory%40lss.hr
This email sent to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke