
Apple fixes Xsan security flaw

Bill Brenner
Apple Computer Inc. has fixed a security flaw attackers could exploit in its Xsan file system software to launch malicious code or crash vulnerable machines.

The flaw is of particular concern to enterprises that use Apple's latest operating system, as Xsan enables the creation of an enterprise-class storage area network (SAN) for the Mac OS X operating system and the Mac OS X Server.

The Cupertino, Calif.-based vendor said the application fails to do a proper bounds check of user-supplied input before copying it into an insufficiently sized buffer. The vulnerability presents itself at the file system driver when certain unspecified path names are processed.

"A malicious user with write access to an Xsan volume may be able to trigger the overflow on systems directly attached to Xsan," Apple said. "This could lead to a system crash or arbitrary code execution with system privileges."

Apple said the problem is fixed in the newly released version 1.4 by performing additional validation of path names.
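The article describes the flaw only in general terms: user-supplied path names copied into a fixed-size buffer without a bounds check, fixed by validating the path first. The following is an added illustration of that pattern in C and is not Apple's or Xsan's code; the buffer size, the status codes, the validation rules and the sample paths are all constructed for the example. The unchecked copy is shown only in a comment; the compiled function is the hardened form, which refuses a path that would not fit and rejects control bytes before writing anything.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a deliberately small fixed-size destination buffer.
 * The exact size is irrelevant to the lesson; the presence of a check is not. */
#define PATH_BUF_LEN 32

/* The unsafe pattern the article describes, kept as a comment so it is never
 * compiled into anything runnable:
 *
 *     char buf[PATH_BUF_LEN];
 *     strcpy(buf, path);   // writes strlen(path)+1 bytes regardless of sizeof buf
 *
 * Any path of PATH_BUF_LEN or more characters overruns buf. */

enum path_status { PATH_OK = 0, PATH_TOO_LONG = 1, PATH_CONTROL_CHAR = 2 };

/* Hardened form: validate the path before a single byte is written.
 * dst_len is the full size of dst, including room for the NUL terminator. */
enum path_status copy_path_checked(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    /* Bounded length scan: stop as soon as the source could not fit, so an
     * arbitrarily long source is rejected in O(dst_len) time and src is never
     * read beyond the first dst_len bytes. */
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n >= dst_len)
        return PATH_TOO_LONG;           /* n characters plus NUL would not fit */

    /* Content validation (constructed rule): path names carry no control bytes. */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f)
            return PATH_CONTROL_CHAR;
    }

    memcpy(dst, src, n + 1);            /* n+1 copies the terminator too */
    return PATH_OK;
}

/* Convenience wrapper: copies src into a local fixed-size buffer and reports
 * the status. The buffer is sized by sizeof, so the limit cannot drift. */
enum path_status check_path(const char *src)
{
    char buf[PATH_BUF_LEN];
    return copy_path_checked(buf, sizeof buf, src);
}

/* Builds a constructed over-long path (all 'A's, twice the buffer size) and
 * returns what the checked copy does with it. */
enum path_status check_overlong_path(void)
{
    char longpath[2 * PATH_BUF_LEN + 1];
    memset(longpath, 'A', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';
    return check_path(longpath);
}

int main(void)
{
    /* Constructed sample paths, one valid and one carrying a tab byte. */
    const char *samples[] = { "/Volumes/san/proj/a.txt", "/Volumes/san/bad\tname" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> status %d\n", i, (int)check_path(samples[i]));
    printf("over-long path -> status %d\n", (int)check_overlong_path());
    return 0;
}
```

The important property is that every rejection happens before `memcpy`: the length scan itself is bounded by the destination size, so a hostile path name can neither overrun the buffer nor drive an unbounded read of the source.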

Cupertino, Calif.-based antivirus giant Symantec Corp. analyzed the problem and, in an advisory sent to customers of its DeepSight Threat Management Service, said, "This issue may allow remote attackers to execute arbitrary machine code with system privileges on computers directly attached to the vulnerable file system. Failed exploit attempts will likely result in a system crash, denying service to legitimate users."

While Apple has fixed the problem with the release of version 1.4, Symantec said customers can mitigate the effects of the flaw by:

  • Not accepting, opening or executing files from untrusted or unknown sources.
  • Permitting privileged access for trusted individuals only.
  • Disabling unnecessary permissions to untrusted users. Since the flaw requires write access to the file system, this measure would reduce the likelihood of successful exploits.
  • Implementing multiple redundant layers of security.

Apple credited Andrew Wellington of the Australian National University with discovering and reporting the issue.
