BID:39169

Apple Mac OS X Application Firewall Rule Remote Security Bypass Vulnerability

Info

Apple Mac OS X Application Firewall Rule Remote Security Bypass Vulnerability

Bugtraq ID:	39169
Class:	Design Error
CVE:	CVE-2009-2801
Remote:	Yes
Local:	No
Published:	Mar 29 2010 12:00AM
Updated:	Mar 29 2010 12:00AM
Credit:	Michael Kisor of OrganicOrb.com
Vulnerable:	Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5

Not Vulnerable:

Discussion

Apple Mac OS X Application Firewall Rule Remote Security Bypass Vulnerability

Apple Mac OS X is prone to a security-bypass vulnerability that affects Application Firewall.

Attackers can exploit this issue to bypass firewall rules. This may lead to other attacks.

Mac OS X 10.5.8 and Mac OS X Server 10.5.8 are vulnerable.

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Exploit / POC

Apple Mac OS X Application Firewall Rule Remote Security Bypass Vulnerability

Attackers can use readily available utilities to exploit this issue.

Solution / Fix

Apple Mac OS X Application Firewall Rule Remote Security Bypass Vulnerability

Solution:
Updates are available. Please see the references for details.

Apple Mac OS X 10.5