Security Update 2004-10-27 in Software update
|
Professional Poster
Join Date: Aug 2001
Location: Somewhere, but not here.
|
...thread title says it all.
|
Artificial intelligence is no match for natural stupidity...
|
Mac Elite
Join Date: Mar 2001
|
http://www.apple.com/support/downloa...041027ard.html
http://docs.info.apple.com/article.html?artnum=61798
Security Update 2004-10-27
Apple Remote Desktop
Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x
CVE-ID: CAN-2004-0962
Impact: An application can be started behind the loginwindow and it will run as root.
Description: For a system with these following conditions:
- Apple Remote Desktop client installed
- A user on the client system has been enabled with the Open and quit applications privilege
- The username and password of the ARD user is known
- Fast user switching has been enabled
- A user is logged in, and loginwindow is active via Fast User Switching
If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
|
Mac Elite
Join Date: Mar 2001
|
Originally posted by Person Man:
Um, details?
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
|
Originally posted by piracy:
I was hoping it would fix the /Library/StartupItems permissions oversight.
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
|
Oh, by the way. This update does NOT require a restart.
|
Addicted to MacNN
Join Date: Aug 2004
Location: Outfield - #24
|
Originally posted by Person Man:
Oh, by the way. This update does NOT require a restart.
Phew...
My uptime was approaching 22 hours...I would HATE to start over!
|
Forum Regular
Join Date: Apr 2003
|
Hrm. Not showing up in SU for me (yet anyway).
I'll keep checking.
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
|
Originally posted by johnt519:
Hrm. Not showing up in SU for me (yet anyway).
I'll keep checking.
Do you have Apple Remote Desktop 2.1 installed? That software already has the update in it, so it would not be needed in that case.
|
Dedicated MacNNer
Join Date: May 2001
|
Well I don't have the Apple Remote Desktop installed (I use VNC)...
...so why did I need this update? According to the description, ARD is required for this to be a vulnerability...
W
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
|
Originally posted by VValdo:
Well I don't have the Apple Remote Desktop installed (I use VNC)...
...so why did I need this update? According to the description, ARD is required for this to be a vulnerability...
W
Panther has the Remote Desktop Client (version 1.x) built in.
|
Forum Regular
Join Date: Apr 2003
|
Nope, don't have remote desktop. And it's still not listed as available on two of my systems. iTunes/Quicktime took until today to finally show up in SU.
Guess I'm just at the bottom of the update list.
|
Grizzled Veteran
Join Date: May 1999
Location: Seattle
|
I'm not seeing it either on my PB, but my iMac found it...
|
1.25GHz PowerBook
i vostri seni sono spettacolari