[isapros] Re: Not so OT: FW: Application Firewall security updates

• From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Sat, 17 Nov 2007 08:09:50 +1100

Eeeeeeew.. I feel dirty already!

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Friday, 16 November 2007 10:20 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Not so OT: FW: Application Firewall security updates

Yikes.  Anything root automatically accepts incoming connections. 

t

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Todd Woodward
Sent: Thursday, November 15, 2007 1:55 PM
To: Focus-Apple
Subject: RE: Application Firewall security updates

Per the Knowledge Base article which is now available:
http://docs.info.apple.com/article.html?artnum=307004

CVE-ID: CVE-2007-4702

Available for: Mac OS X v10.5, Mac OS X Server v10.5

Impact: The "Block all incoming connections" setting for the firewall is
misleading

Description: The "Block all incoming connections" setting for the
Application Firewall allows any process running as user "root" (UID 0)
to receive incoming connections, and also allows mDNSResponder to
receive connections. This could result in the unexpected exposure of
network services. This update addresses the issue by more accurately
describing the option as "Allow only essential services, and by limiting
the processes permitted to receive incoming connections under this
setting to a small fixed set of system services: configd (for DHCP and
other network configuration protocols), mDNSResponder (for Bonjour), and
racoon (for IPSec). The "Help" content for the Application Firewall is
also updated to provide further information. This issue does not affect
systems prior to Mac OS X v10.5.

###

 
Security Response Researcher
Focus-Apple Moderator
 

Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon



Office: 541-335-7441

• References:
  • [isapros] Not so OT: FW: Application Firewall security updates
    • From: Thor (Hammer of God)

Other related posts:

• » [isapros] Not so OT: FW: Application Firewall security updates
• » [isapros] Re: Not so OT: FW: Application Firewall security updates
• » [isapros] Re: Not so OT: FW: Application Firewall security updates

1. Home
2. isapros
3. Archive
4. 11-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---