‫ Apple Remote Desktop Unencrypted Connection Security Issue and Format String Vulnerability

IRCAD2013102951
ID:IRCAD2013102951
Release Date: 2013-10-23
Criticality level: Highly critical
Software:
Apple Remote Desktop 3.x
 
Description:
A security issue and a vulnerability have been reported in Apple Remote Desktop, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
1) A format string error exists when handling the VNC username within the Apple Remote Desktop component.
This vulnerability is reported in versions prior to 3.5.4 and 3.7.
2) An error when handling certain authentication types related to third-party VNC servers within the Apple Remote Desktop component may lead to the connection being unencrypted without warning.
This security issue is reported in versions prior to 3.7.
 
Solution:
Update to version 3.5.4 or 3.7.
 
References:
 
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 4 آبان 1392

امتیاز

امتیاز شما
تعداد امتیازها:0