Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.1385
OS X v10.8.5 Supplemental Update
4 October 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OS X Mountain Lion
Publisher: Apple
Operating System: OS X
Impact/Access: Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2013-5163
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update
OS X v10.8.5 Supplemental Update is now available and addresses the
following:
Directory Services
Available for: OS X Mountain Lion v10.8 to v10.8.5
Impact: A local user may modify Directory Services records with
system privileges
Description: A logic issue existed in Directory Services's
verification of authentication credentials allowing a local attacker
to bypass password validation. The issue was addressed through
improved credential validation.
CVE-ID
CVE-2013-5163 : the rookies of 42
OS X v10.8.5 Supplemental Update may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
Fox OS X Mountain Lion v10.8.5
The download file is named: OSXUpd10.8.5Supp.dmg
Its SHA-1 digest is: 18636c06f0db5b326752628fb7a2dfa3ce077ae1
For OS X Mountain Lion v10.8.4
The download file is named: OSXUpd10.8.5.dmg
Its SHA-1 digest is: b115881f8541b2b80f89ff0e37563f2245be445b
For OS X Mountain Lion v10.8 and v10.8.3
The download file is named: OSXUpdCombo10.8.5.dmg
Its SHA-1 digest is: 5f574ec77678a965f4684d176ec13014d9ffac75
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSTc6mAAoJEPefwLHPlZEwnZIQAJePLWS/A44WfcbaARuIbWWH
oBlV13t3iD6gEqsvICNb/XZU5EG/4zSfDKt9gBgpsHR/jcQ8+FNFL2wiu1q/POAv
Ecnx8p0oZVFrdL7dVe19TOitc/AleAkgr7E0/efp7tvxcK2B035N+Dc5SHdUVX/9
S9z3pF178Pl0akiMWI2c+iYcAHt1a1SIqTHOLnJlNr1RpIHkZork5uTrpjLl3qs4
7m/fjBg2JLqb6q6IlmyBviFI4StMUd+tPHZ23qPwnUL8L/x2H36566yA03hghsEc
1ZPatK3O+FHoVVgE8q/9GTH/42dG8K5wtF/xqpbyLqTVO79swjmIxW6vhZPXbmqW
LBDeZVEx6pvp7qWRlmqyvX2Bl3IuCRp4K8qHN4HsU8F8zko2wviHOyPU4TsB7gEI
xsETCtvVLLhImVoJF2Y9vLeAkWazqPIOlFFepeKcNSrN3L02hT3qQXXtZa4fTLON
xDYTnHVt8xjTmaApLLYc3jXaeRX03IekGW2cduEwkAvKuOZvh5lQI5OT22qWDgsN
3EaliNghCV7ActzQL8kTzkCOpSB9H34bkwGv5/rbEGQnOn6ROLB6JYuHX11lyJ/Z
/Bxn2Jfao3+FR2e8Xp07Z9RHFocwOduGtJziAj3WKjCvw8JzBROqchupsXkVUp6+
v8MP/bVYJ8LepQJm81IK
=VYQW
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUk4RqxLndAQH1ShLAQIHxxAAocyuAyeaA8Ahr2PeuKczn8l9tOtNKnKz
jxSdMPGtfWF7u2ky0G8Dm6LIMecWlY9yoUrsR4mliwADmNN0A/sIkaN595yLXZbS
CaNH7fFGGs/VYzCcHSIvCspda+YSsnTXlyT+brdS8KcpREwSDrd9IgtgpEcuwkKo
mqXtQo+968Cbj9DdO5W5aU0eFX86/yXsSWxnaoskeZZSeEnRkk05/KDj8FUqMXm7
9hh1hdlZVpk3KWZNPxQuzNO2gtCvu5nllBoJeYT29ZcDAcReyc5IeBJSIsjoul63
HyNymbjxAsNUmQ4JqsEuiS/3OXj4FVofAXlABm6wziKqxc4cUeO5Ki/39u9hPgtP
yJpsAT1v07c47VooHYIXCgtfgG53+LHMn0qH2HzyO9H9e8mAsJKY7+6vfYenxYlz
qMZggird5lNYHHBguUc5HfhEshqV8Z3BiNhfdmH8v1g/7MoQTuAhmo57AHfJGn/9
ybWru4NmGBHYkafkxo73u2fTzNEiUwH2veAbzfdBiy7qa4X8uvq3PM42QqLJYqjI
h8Xkhgp3vzhxqpPrhf4F1kEHm72rwJw35GNHnWODuW1UEUUcyLMS3PoHOsTRIqG0
zN4QpsZ7u/dOj8yWlQguZtedBt1iJcYGuwZ8a52TVBBDGB00N6oPO1+R5zxjZogt
o00l/76R8kY=
=YPB7
-----END PGP SIGNATURE-----