Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Personal Web Sharing remote stop
From: "Erik Neuenschwander" <erikn () well com>
Date: Fri, 18 May 2001 18:40:43 -0700

"Terje Bless" <link () tss no> wrote:
On 16.05.01 at 10:01, Ron Trenka <ron () zowiedigital com> wrote:

BTW, if anyone has contacts at Apple _please_ bug them about starting
to
take security seriously! It looks like the last update to Mac OS X
(10.0.3) was to close the recent glob hole, but it isn't mentioned in
the
release notes. Just some vague "security related fixes".

That was part of the update.  The biggest thing was to add the CD
burning
capability.

Nope. That was .1 or .2 (I can't be bothered to check right now). .3
added
/more/ CD-RW support and some vaguely hinted at security fixes involving
FTP that just _scream_ at me that they've closed the glob hole but
aren't
telling because then they'd have to fess up to having been bitten by it
in
the first place. The worst part is that I fully expect the added CD-TW
support was the more compelling reason for the upgrade; the FTP fix was
just piggybacking along. *sigh*

"This update delivers CD burning support for iTunes, a number of
 improvements for overall application stability and includes the
 latest version of the Internet file transfer service (ftpd)
 which features important security improvements."


Well, they now have more of a clue... Apple's finally got a security site
up!

http://www.apple.com/support/security/security.html
describes their processes
http://www.apple.com/supprt/security/security_updates.html
lists their updates and what vulnerabilities they patch

And, yes, it was the glob hole and it is now fixed.  They even link to the
CERT Advisory.

--
Erik Neuenschwander           Managing Director, i-Appliance Association
erikn () cs stanford edu              Graduate Student, Stanford Philosophy
erikn () i-appliance org                    http://www.stanford.edu/~erikn/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]