Mac OS X Update 2007-004 FTPServer Configuration File Regression Weakness

2007-04-19T10:33:35
ID OSVDB:34869
Type osvdb
Reporter OSVDB
Modified 2007-04-19T10:33:35

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious ftp user to access directories outside of normal scope. The issue is triggered by an incorrect configuration file that is installed by Security Update 2007-004. It is possible that the flaw may allow arbitrary access to additional directories resulting in a loss of confidentiality, and/or integrity.

Technical Description

This vulnerability applies only to Mac OS X Server 10.4.9 with Security Update 2007-004.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious ftp user to access directories outside of normal scope. The issue is triggered by an incorrect configuration file that is installed by Security Update 2007-004. It is possible that the flaw may allow arbitrary access to additional directories resulting in a loss of confidentiality, and/or integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1017990 Secunia Advisory ID:24966 Related OSVDB ID: 34857 Related OSVDB ID: 34858 Related OSVDB ID: 34859 Related OSVDB ID: 34862 Related OSVDB ID: 34864 Related OSVDB ID: 34860 Related OSVDB ID: 34865 Related OSVDB ID: 34866 Related OSVDB ID: 34868 Related OSVDB ID: 34863 Related OSVDB ID: 34861 Related OSVDB ID: 34867 Related OSVDB ID: 34870 Related OSVDB ID: 34871 Mail List Post: http://lists.apple.com/archives/security-announce/2007/May/msg00000.html ISS X-Force ID: 34001 CVE-2007-0745