"..it's a feature.."

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: Thursday, November 15, 2007 3:20 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Not so OT: FW: Application Firewall security updates

Yikes. Anything root automatically accepts incoming connections.

t

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Todd Woodward
Sent: Thursday, November 15, 2007 1:55 PM
To: Focus-Apple
Subject: RE: Application Firewall security updates

Per the Knowledge Base article which is now available:
http://docs.info.apple.com/article.html?artnum=307004

CVE-ID: CVE-2007-4702

Available for: Mac OS X v10.5, Mac OS X Server v10.5

Impact: The "Block all incoming connections" setting for the firewall is misleading

Description: The "Block all incoming connections" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services. This update addresses the issue by more accurately describing the option as "Allow only essential services", and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services: configd (for DHCP and other network configuration protocols), mDNSResponder (for Bonjour), and racoon (for IPSec). The "Help" content for the Application Firewall is also updated to provide further information. This issue does not affect systems prior to Mac OS X v10.5.

###

Security Response Researcher
Focus-Apple Moderator

Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
Office: 541-335-7441
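Added example, not part of the original thread or of Apple's advisory: a small audit that takes a listing of open internet sockets and reports which listeners the setting accepted before the update (UID 0 or mDNSResponder) but not after it (only configd, mDNSResponder, racoon). The `lsof` collection command, the function names and the sample data are assumptions made for illustration.

```python
# Input: field output in the style of `lsof -nP -i -F pcun` (assumed collection
# command). SAMPLE is constructed for illustration, not captured from a host.
ESSENTIAL = {"configd", "mDNSResponder", "racoon"}  # fixed set named in the advisory

SAMPLE = """\
p14
cconfigd
u0
f8
n*:68
p21
cmDNSResponder
u65
f7
n*:5353
p88
csshd
u0
f4
n*:22
f5
n10.0.0.5:22->10.0.0.9:51000
"""

def parse_listeners(text):
    """Return (command, uid, name) for each unconnected internet socket."""
    out, cmd, uid = [], None, None
    for line in text.splitlines():
        tag, val = line[:1], line[1:]
        if tag == "c":
            cmd = val
        elif tag == "u":
            uid = int(val)
        elif tag == "n" and "->" not in val:  # skip established connections
            out.append((cmd, uid, val))
    return out

def accepted_before(cmd, uid):  # pre-update: any UID 0 process, or mDNSResponder
    return uid == 0 or cmd == "mDNSResponder"

def accepted_after(cmd, uid):   # post-update: only the fixed essential set
    return cmd in ESSENTIAL

def unexpected_exposure(text):
    """Listeners accepted under the old behaviour but not under the new one."""
    return [(c, n) for c, u, n in parse_listeners(text)
            if accepted_before(c, u) and not accepted_after(c, u)]

if __name__ == "__main__":
    print(unexpected_exposure(SAMPLE))
```

On the constructed sample only the root-owned sshd listener is reported; configd and mDNSResponder remain accepted under both behaviours.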