===========================================================================
             AUSCERT External Security Bulletin Redistribution

      ESB-2003.0415 -- APPLE-SA-2003-06-12 Security Update 2003-06-12
    Security holes in the Apache 2.0.x mod_dav module and dsimportexport
                               13 June 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                Apache 2.0.x
                        dsimportexport
Publisher:              Apple
Operating System:       Mac OS X
Impact:                 Denial of Service
                        Access Confidential Data
Access Required:        Remote
                        Existing Account
CVE Names:              CAN-2003-0245, CAN-2003-0420

Ref:                    ESB-2003.0380

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2003-06-12 Security Update 2003-06-12 Apache 2

Security Update 2003-06-12 is now available. It contains fixes for the
following potential security issues for Mac OS X Server. Mac OS X client
does not contain the issues being addressed by this software update.

Apache 2.0: Fixes CAN-2003-0245 by updating Apache 2.0.45 to 2.0.46 to
address a security hole in the mod_dav module that could be exploited
remotely causing an Apache Web server process to crash. Apache 1.3 is
unaffected and is the primary web server on Mac OS X Server. Apache 2.0
is installed with Mac OS X Server, but off by default.

dsimportexport: Fixes CAN-2003-0420 where a logged-in user could
potentially view the name and password of the account running the
dsimportexport tool.

Security Update 2003-06-12 may be obtained from:

  * Software Update pane in System Preferences

  - OR -

  * Apple's Software Downloads web site:
    http://www.info.apple.com/kbnum/n120215

    The download file is named: "SecurityUpd2003-06-12.dmg"
    Its SHA-1 digest is: 1f8e101111ae059ebd6eaf91b69267808517b4a1

Information is also posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.