[20714] in bugtraq
Re: Personal Web Sharing remote stop
daemon@ATHENA.MIT.EDU (Erik Neuenschwander)
Sat May 19 14:42:42 2001
Message-ID: <090801c0e004$bdc3f140$bc4640ab@Stanford.EDU>
Reply-To: "Erik Neuenschwander" <erikn@stanford.edu>
From: "Erik Neuenschwander" <erikn@well.com>
To: "Bugtraq" <BUGTRAQ@securityfocus.com>
Date: Fri, 18 May 2001 18:40:43 -0700
"Terje Bless" <link@tss.no> wrote:
> On 16.05.01 at 10:01, Ron Trenka <ron@zowiedigital.com> wrote:
>
> >>BTW, if anyone has contacts at Apple _please_ bug them about starting to
> >>take security seriously! It looks like the last update to Mac OS X
> >>(10.0.3) was to close the recent glob hole, but it isn't mentioned in the
> >>release notes. Just some vague "security related fixes".
> >
> >That was part of the update. The biggest thing was to add the CD burning
> >capability.
>
> Nope. That was .1 or .2 (I can't be bothered to check right now). .3 added
> /more/ CD-RW support and some vaguely hinted at security fixes involving
> FTP that just _scream_ at me that they've closed the glob hole but aren't
> telling because then they'd have to fess up to having been bitten by it in
> the first place. The worst part is that I fully expect the added CD-RW
> support was the more compelling reason for the upgrade; the FTP fix was
> just piggybacking along. *sigh*
>
> "This update delivers CD burning support for iTunes, a number of
> improvements for overall application stability and includes the
> latest version of the Internet file transfer service (ftpd)
> which features important security improvements."
>
Well, they now have more of a clue... Apple's finally got a security site up!
http://www.apple.com/support/security/security.html
describes their processes
http://www.apple.com/supprt/security/security_updates.html
lists their updates and what vulnerabilities they patch
And, yes, it was the glob hole and it is now fixed. They even link to the
CERT Advisory.
--
Erik Neuenschwander Managing Director, i-Appliance Association
erikn@cs.stanford.edu Graduate Student, Stanford Philosophy
erikn@i-appliance.org http://www.stanford.edu/~erikn/