发布时间 :2005-11-01 07:47:00
修订时间 :2017-07-10 21:32:58

[原文]Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.

[CNNVD]Apple Mac OS X Keychain密码信息泄漏漏洞(CNNVD-200511-015)

        Apple Mac OS X是苹果家族电脑所使用的操作系统。
        Mac OS X 10.4.2及更早版本中,Keychain保持密码是可见的,即使超时仍然可见。这会允许攻击者通过物理访问来得到密码信息。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:apple:mac_os_x_server:10.2.4Apple Mac OS X Server 10.2.4
cpe:/o:apple:mac_os_x_server:10.4.2Apple Mac OS X Server 10.4.2
cpe:/o:apple:mac_os_x:10.2.7Apple Mac OS X 10.2.7
cpe:/o:apple:mac_os_x_server:10.2.5Apple Mac OS X Server 10.2.5
cpe:/o:apple:mac_os_x:10.2.8Apple Mac OS X 10.2.8
cpe:/o:apple:mac_os_x_server:10.2.3Apple Mac OS X Server 10.2.3
cpe:/o:apple:mac_os_x_server:10.4.1Apple Mac OS X Server 10.4.1
cpe:/o:apple:mac_os_x_server:10.2.1Apple Mac OS X Server 10.2.1
cpe:/o:apple:mac_os_x_server:10.2.6Apple Mac OS X Server 10.2.6
cpe:/o:apple:mac_os_x_server:10.2.8Apple Mac OS X Server 10.2.8
cpe:/o:apple:mac_os_x_server:10.2.7Apple Mac OS X Server 10.2.7
cpe:/o:apple:mac_os_x:10.0.4Apple Mac OS X 10.0.4
cpe:/o:apple:mac_os_x:10.2.2Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x:10.2.6Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x:10.0.1Apple Mac OS X 10.0.1
cpe:/o:apple:mac_os_x:10.0.2Apple Mac OS X 10.0.2
cpe:/o:apple:mac_os_x_server:10.2.2Apple Mac OS X Server 10.2.2
cpe:/o:apple:mac_os_x:10.0.3Apple Mac OS X 10.0.3
cpe:/o:apple:mac_os_x:10.2.1Apple Mac OS X 10.2.1
cpe:/o:apple:mac_os_x:10.2.3Apple Mac OS X 10.2.3
cpe:/o:apple:mac_os_x:10.4.1Apple Mac OS X 10.4.1
cpe:/o:apple:mac_os_x:10.2.4Apple Mac OS X 10.2.4
cpe:/o:apple:mac_os_x:10.4.2Apple Mac OS X 10.4.2
cpe:/o:apple:mac_os_x:10.2.5Apple Mac OS X 10.2.5
cpe:/o:apple:mac_os_x_server:10.1.5Apple Mac OS X Server 10.1.5
cpe:/o:apple:mac_os_x_server:10.3.3Apple Mac OS X Server 10.3.3
cpe:/o:apple:mac_os_x:10.3.6Apple Mac OS X 10.3.6
cpe:/o:apple:mac_os_x_server:10.3.4Apple Mac OS X Server 10.3.4
cpe:/o:apple:mac_os_x:10.3.7Apple Mac OS X 10.3.7
cpe:/o:apple:mac_os_x_server:10.3.9Apple Mac OS X Server 10.3.9
cpe:/o:apple:mac_os_x:10.3.8Apple Mac OS X 10.3.8
cpe:/o:apple:mac_os_x_server:10.1.4Apple Mac OS X Server 10.1.4
cpe:/o:apple:mac_os_x_server:10.3.2Apple Mac OS X Server 10.3.2
cpe:/o:apple:mac_os_x_server:10.1.1Apple Mac OS X Server 10.1.1
cpe:/o:apple:mac_os_x_server:10.1.2Apple Mac OS X Server 10.1.2
cpe:/o:apple:mac_os_x_server:10.4Apple Mac OS X Server 10.4
cpe:/o:apple:mac_os_x_server:10.3Apple Mac OS X Server 10.3
cpe:/o:apple:mac_os_x_server:10.3.5Apple Mac OS X Server 10.3.5
cpe:/o:apple:mac_os_x_server:10.3.7Apple Mac OS X Server 10.3.7
cpe:/o:apple:mac_os_x_server:10.3.8Apple Mac OS X Server 10.3.8
cpe:/o:apple:mac_os_x_server:10.3.6Apple Mac OS X Server 10.3.6
cpe:/o:apple:mac_os_x:10.2Apple Mac OS X 10.2
cpe:/o:apple:mac_os_x:10.1.3Apple Mac OS X 10.1.3
cpe:/o:apple:mac_os_x:10.3.1Apple Mac OS X 10.3.1
cpe:/o:apple:mac_os_x:10.1Apple Mac OS X 10.1
cpe:/o:apple:mac_os_x:10.0Apple Mac OS X 10.0
cpe:/o:apple:mac_os_x:10.3Apple Mac OS X 10.3
cpe:/o:apple:mac_os_x:10.3.5Apple Mac OS X 10.3.5
cpe:/o:apple:mac_os_x_server:10.1Apple Mac OS X Server 10.1
cpe:/o:apple:mac_os_x_server:10.0Apple Mac OS X Server 10.0
cpe:/o:apple:mac_os_x:10.1.1Apple Mac OS X 10.1.1
cpe:/o:apple:mac_os_x_server:10.1.3Apple Mac OS X Server 10.1.3
cpe:/o:apple:mac_os_x_server:10.3.1Apple Mac OS X Server 10.3.1
cpe:/o:apple:mac_os_x:10.1.2Apple Mac OS X 10.1.2
cpe:/o:apple:mac_os_x:10.4Apple Mac OS X 10.4
cpe:/o:apple:mac_os_x:10.3.9Apple Mac OS X 10.3.9
cpe:/o:apple:mac_os_x:10.1.4Apple Mac OS X 10.1.4
cpe:/o:apple:mac_os_x:10.3.2Apple Mac OS X 10.3.2
cpe:/o:apple:mac_os_x:10.1.5Apple Mac OS X 10.1.5
cpe:/o:apple:mac_os_x:10.3.3Apple Mac OS X 10.3.3
cpe:/o:apple:mac_os_x:10.3.4Apple Mac OS X 10.3.4
cpe:/o:apple:mac_os_x_server:10.2Apple Mac OS X Server 10.2

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(PATCH)  BID  15252
(UNKNOWN)  VUPEN  ADV-2005-2256
(UNKNOWN)  XF  macos-keychainaccess-information-disclosure(44462)

- 漏洞信息

Apple Mac OS X Keychain密码信息泄漏漏洞
低危 资料不足
2005-11-01 00:00:00 2009-02-06 00:00:00
        Apple Mac OS X是苹果家族电脑所使用的操作系统。
        Mac OS X 10.4.2及更早版本中,Keychain保持密码是可见的,即使超时仍然可见。这会允许攻击者通过物理访问来得到密码信息。

- 公告与补丁


- 漏洞信息 (F41098)

Apple Security Advisory 2005-10-31 (PacketStormID:F41098)
2005-11-01 00:00:00

Flaws for Finder, Software Update, memberd, Keychain, and the kernel have all been addressed in this latest Apple update.

Hash: SHA1

APPLE-SA-2005-10-31 Mac OS X v10.4.3

Mac OS X v10.4.3 and Mac OS X Server v10.4.3 are now available and
deliver the following security enhancements:

CVE-ID:  CVE-2005-2749
Available for:  Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact:  File ownership information may be misleading
Description:  Under certain situations, the file and group ownership
information displayed in the Finder Get Info window may not be
correct. This update addresses the issue by synchronizing the
displayed ownership with the actual ownership in all situations.
This issue does not affect systems prior to Mac OS X v10.4.

Software Update
CVE-ID:  CVE-2005-2750
Available for:  Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact:  Important Software Updates may not install
Description:  Software Update can be instructed by the user to
ignore specific updates. If all applicable updates have been marked
in this way, Software Update will exit without providing an an
opportunity to reset the status of these updates so that they may
be installed. This update addresses the issue by asking whether the
ignored updates list should be reset when this situation is
encountered. This issue does not affect systems prior to Mac OS X

CVE-ID:  CVE-2005-2751
Available for:  Mac OS X Server v10.4.2
Impact:  Changes to group membership are delayed for hours
Description:  In certain situations, changes to a group's membership
may not be immediately reflected in access control checks. This may
result in an authenticated user being able to access files or other
resources even after they have been removed from a group. This
update addresses the issue by invalidating the group membership
cache at appropriate times. This issue does not affect systems
prior to Mac OS X v10.4.

CVE-ID:  CVE-2005-2739
Available for:  Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact:  Keychain Access will continue displaying plaintext
passwords after lock timeout
Description:  Keychain Access is a utility distributed with Mac OS X
that is used to view keychain items and change keychain settings.
If a keychain automatically locks due to a timeout while viewing a
password stored inside it, that password will remain visible. This
update patches Keychain Access so that passwords are hidden when
keychains lock. This issue does not affect systems prior to Mac OS
X v10.4. Credit to Eric Hall of DarkArt Consulting Services for
reporting this issue.

CVE-ID:  CVE-2005-1126, CVE-2005-1406, CVE-2005-2752
Available for:  Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact:  Kernel memory may be disclosed to local users
Description:  Certain kernel interfaces may return data that
includes sensitive information in uninitialized memory. These
issues affect Mac OS X v10.4.2 and earlier. Credit to Ilja van
Sprundel and Neil Archibald of Suresec LTD, and Colin Percival of
the FreeBSD team for reporting these issues.

Mac OS X v10.4.3 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:

For Mac OS X v10.4.2
The download file is named:  "MacOSXUpdate10.4.3.dmg"
Its SHA-1 digest is:  d5f641c111621705dd0da4ecdd733a1f47c576a3

For Mac OS X v10.4 and Mac OS X v10.4.1
The download file is named:  "MacOSXUpdateCombo10.4.3.dmg"
Its SHA-1 digest is:  1264c6c4583aa163a6e8465fbad7d0ff58b32086

For Mac OS X Server v10.4.2
The download file is named:  "MacOSXServerUpdate10.4.3.dmg"
Its SHA-1 digest is:  a2cea3387079e92618b02196e7683c85377d512f

For Mac OS X Server v10.4 and Mac OS X Server v10.4.1
The download file is named:  "MacOSXSrvrUpdCombo10.4.3.dmg"
Its SHA-1 digest is:  6dbc793d6613861d7e1954c477f11215db1bb569

Information will also be posted to the Apple Product Security
web site:

This message is signed with Apple's Product Security PGP key,
and details are available at:

Version: PGP Desktop 9.0.2 (Build 2425)



- 漏洞信息

Apple Mac OS X Keychain Access Password Exposure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

Mac OS X contains a flaw that may lead to an unauthorized password exposure. The issue is due to the way the Keychain Access utility handles automatic password display timeouts. When a keychain automatically locks due to a timeout while viewing a stored password, the password will remain visible afterwords. It is possible to gain access to plaintext passwords when viewing a keychain resulting in a loss of confidentiality.

- 时间线

2005-10-28 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 10.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete