Published: 2002-07-11 00:00:00
Revised: 2008-09-05 16:28:39

[Original text] SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

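[CNNVD] MacOS X SoftwareUpdate Arbitrary Package Installation Vulnerability (CNNVD-200207-064)

        SoftwareUpdate in MacOS 10.1.x does not use authentication when downloading software updates. A remote attacker can execute arbitrary code by impersonating the Apple update server through techniques such as DNS spoofing or cache poisoning and supplying Trojan Horse updates.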

- CVSS (Base Score)

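CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]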

- CPE (Affected platforms and products)

cpe:/o:apple:mac_os_x:10.1.5  Apple Mac OS X 10.1.5
cpe:/o:apple:mac_os_x:10.1.3  Apple Mac OS X 10.1.3
cpe:/o:apple:mac_os_x:10.1.4  Apple Mac OS X 10.1.4
cpe:/o:apple:mac_os_x:10.1  Apple Mac OS X 10.1
cpe:/o:apple:mac_os_x:10.1.1  Apple Mac OS X 10.1.1
cpe:/o:apple:mac_os_x:10.1.2  Apple Mac OS X 10.1.2

- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BID  5176
(UNKNOWN)  XF  macos-softwareupdate-no-auth(9502)

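- Vulnerability information

MacOS X SoftwareUpdate Arbitrary Package Installation Vulnerability
High risk  Design error
2002-07-11 00:00:00 2007-03-02 00:00:00
        SoftwareUpdate in MacOS 10.1.x does not use authentication when downloading software updates. A remote attacker can execute arbitrary code by impersonating the Apple update server through techniques such as DNS spoofing or cache poisoning and supplying Trojan Horse updates.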

- Advisories and patches

        Look for updates from Apple on
        Apple has released fixes.
        Apple Mac OS X 10.1
        Apple Mac OS X 10.1.1
        Apple Mac OS X 10.1.2
        Apple Mac OS X 10.1.3
        Apple Mac OS X 10.1.4
        Apple Mac OS X 10.1.5

- Vulnerability information (21596)

MacOS X 10.1.x SoftwareUpdate Arbitrary Package Installation Vulnerability (EDBID:21596)
osX remote
2002-07-08 Verified
0 Russell Harding
N/A

A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the root user.

In order to exploit this vulnerability, the attacker must control the machine located at, from the perspective of the vulnerable client. It may be possible to create this condition through some known techniques, including DNS cache poisoning and DNS spoofing.		

- Vulnerability information

Mac OS SoftwareUpdate Execute Arbitrary Program
Remote / Network Access Authentication Management, Cryptographic, Infrastructure
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability description

MacOS X contains a flaw that may allow a malicious user to install or run arbitrary code on vulnerable systems. The issue is due to a lack of authentication and verification of packages by the SoftwareUpdate system. It is possible that the flaw may allow an attacker posing as the authoritative SoftwareUpdate site to deploy and execute malicious code, resulting in a loss of confidentiality, integrity, and/or availability.

- Timeline

2002-07-06 2002-07-06
2002-07-06 Unknown

- Solution

It is possible to work around this vulnerability by disabling automatic updates. Apple has also released a patch to address this vulnerability.

- Related references

- Vulnerability author