Mac OS X Security Framework Secure Transport Cipher Negotiation Weakness

2006-11-14T07:04:00
ID OSVDB:30731
Type osvdb
Reporter Eric Cronin()
Modified 2006-11-14T07:04:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow the Security Framework to negotiate a weaker cipher than is available. It is possible that the flaw may allow less secure communications resulting in a loss of confidentiality.

Solution Description

Upgrade to version 10.4.8 or higher, as it has been reported to fix this vulnerability. In addition, Apple has released a patch for version 10.3.9.

Short Description

Mac OS X contains a flaw that may allow the Security Framework to negotiate a weaker cipher than is available. It is possible that the flaw may allow less secure communications resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Security Tracker: 1017298 Secunia Advisory ID:23155 Related OSVDB ID: 30729 Related OSVDB ID: 30732 Related OSVDB ID: 30736 Related OSVDB ID: 30737 Related OSVDB ID: 30726 Related OSVDB ID: 30727 Related OSVDB ID: 30735 Related OSVDB ID: 30738 Related OSVDB ID: 30728 Related OSVDB ID: 30733 Related OSVDB ID: 30734 Related OSVDB ID: 30739 Related OSVDB ID: 30730 News Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html FrSIRT Advisory: ADV-2006-4750 CVE-2006-4407 CERT VU: 734032 Bugtraq ID: 21335