Apple Mac OS X Server Administration Service Undisclosed Remote Buffer Overflow Vulnerability

Bugtraq ID:	9914
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 19 2004 12:00AM
Updated:	Mar 19 2004 12:00AM
Credit:	Discovery of this vulnerability has been credited to Jack C ("crEp") <[email protected]>.
Vulnerable:	Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.3.3 Apple Mac OS X 10.2.8
Not Vulnerable:

Apple Mac OS X Server Administration Service Undisclosed Remote Buffer Overflow Vulnerability

An undisclosed buffer overflow vulnerability has been reported in Apple Mac OS X Server Administration service. This service has been reported to be exclusively associated with port 660.

The reports indicate that when this service handles a request that is 2056 bytes long the service will crash and restart.

This BID will be updated as further details regarding this issue are disclosed.

Apple Mac OS X Server Administration Service Undisclosed Remote Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Apple Mac OS X Server Administration Service Undisclosed Remote Buffer Overflow Vulnerability

Solution:
Apple has released security advisory APPLE-SA-2004-05-03 dealing with this and other issues. Please see the referenced advisory for more information.


Apple Mac OS X 10.2.8

• Apple SecUpd2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z/Sec Upd2004-05-03Jag.dmg


• Apple SecUpd2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z/Sec Upd2004-05-03Pan.dmg


• Apple SecUpdSrvr2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z/Sec UpdSrvr2004-05-03Jag.dmg


• Apple SecUpdSrvr2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z/Sec UpdSrvr2004-05-03Pan.dmg

Apple Mac OS X Server 10.2.8

• Apple SecUpd2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z/Sec Upd2004-05-03Jag.dmg


• Apple SecUpd2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z/Sec Upd2004-05-03Pan.dmg


• Apple SecUpdSrvr2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z/Sec UpdSrvr2004-05-03Jag.dmg


• Apple SecUpdSrvr2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z/Sec UpdSrvr2004-05-03Pan.dmg

Apple Mac OS X Server 10.3.3

• Apple SecUpd2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z/Sec Upd2004-05-03Jag.dmg


• Apple SecUpd2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z/Sec Upd2004-05-03Pan.dmg


• Apple SecUpdSrvr2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z/Sec UpdSrvr2004-05-03Jag.dmg


• Apple SecUpdSrvr2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z/Sec UpdSrvr2004-05-03Pan.dmg

Apple Mac OS X 10.3.3

• Apple SecUpd2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z/Sec Upd2004-05-03Jag.dmg


• Apple SecUpd2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z/Sec Upd2004-05-03Pan.dmg


• Apple SecUpdSrvr2004-05-03Jag.dmg
  http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z/Sec UpdSrvr2004-05-03Jag.dmg


• Apple SecUpdSrvr2004-05-03Pan.dmg
  http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z/Sec UpdSrvr2004-05-03Pan.dmg

Apple Mac OS X Server Administration Service Undisclosed Remote Buffer Overflow Vulnerability

References:

• Mac OS X Homepage (Apple)
  
• mac osx- admin service buffer overflow ()
  
• Re: mac osx- admin service buffer overflow ()
  
• Re: mac osx- admin service buffer overflow (Mathias Wegner )