updated 06:05 pm EST, Fri February 14, 2003
Apple notes that , which addresses a general security concern.
configured to use a custom DNS map to query TXT records, could permit a denial
of service attack and possibly allow execution of arbitrary code. Mac OS X
10.2.4 contains Sendmail 8.12.6 with the SMRSH fix applied to also address
administrator". Provides an option whereby a system administrator may or may
not be allowed to log in as a user, authenticating via their admin password.
Previously, administrators could always log in as a user, authenticating via
their own admin password.
variable to create arbitrary files or overwrite existing files, which could lead
to obtaining elevated privileges. (Apple credits Dave G. from @stake, Inc. for
discovering this issue.)
issue in Samba's length checking for encrypted password changes. Mac OS X
currently uses Directory Services for authentication, and does not call the
vulnerable Samba function. However, to prevent a potential future exploit via
this function, the patch from Samba 2.2.7 was applied although the version of
Samba was not changed for this update release.