Jump to content

castufari

Members
  • Content count

    28
  • Joined

  • Last visited

Community Reputation

0 Neutral

About castufari

  • Rank
    Mac Geek Apprentice

Contact Methods

  • Website URL
    http://castufari.blogspot.com
  • ICQ
    0

Profile Information

  • Location
    Asheville, NC
  1. castufari

    G5 iMac fan

    Newegg has them, they're just sound deadening kits. Are the fans of a special size? You might be able to pick up a few silicone washers at your local hardware store.
  2. http://docs.info.apple.com/article.html?artnum=302163 Security Update 2005-007 * Apache 2 CVE-ID: CAN-2005-1344 Available for: Mac OS X Server v10.3.9 Impact: The htdigest program contains a buffer overflow, which, if used improperly in a CGI application, could allow a remote system compromise. Description: The htdigest program contains a buffer overflow, and could be used in a CGI application to manage user access controls to a web server. This update fixes the buffer overflow in htdigest. Apple does not provide any CGI applications that use the htdigest program. Apache 2 ships only with Mac OS X Server, and is off by default. This issue was fixed for Apache 1.3 in Security Update 2005-005. Credit to JxT of SNOsoft for reporting this issue. * Apache 2 CVE-ID: CAN-2004-0942, CAN-2004-0885 Available for: Mac OS X Server v10.3.9 Impact: Multiple security issues in Apache 2. Description: The Apache Group fixed two vulnerabilities between versions 2.0.52 and 2.0.53 (the Apache Group security page for Apache 2 is located at http://httpd.apache.org/security/vulnerabi...lities_20.html). Apache 2 is updated to version 2.0.53 (the previous version was 2.0.52). Apache 2 ships only with Mac OS X Server, and is off by default. * Apache 2 CVE-ID: CAN-2004-1083, CAN-2004-1084 Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2 Impact: Apache 2 example configurations do not fully block access to resource forks, ".ht" files, or ".DS_Store" files. Description: Apache 2 ships only with Mac OS X Server, and is off by default. It is important that administrators who enable this server manually are aware of the files that should be blocked to avoid security exposures. A default Apache 2 configuration blocks access to files starting with ".ht" in a case-sensitive way. The Apple HFS+ filesystem isn't case-sensitive when performing file access, and maps resource forks of files to path names. The Finder may also create .DS_Store files containing the names of files in locations used to serve webpages. This update modifies the sample Apache 2 configuration to show how to restrict access to these files and resource forks. This issue was fixed for Apache 1.3 in Security Update 2004-12-02. Additional information is available here. * AppKit CVE-ID: CAN-2005-2501 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Opening a malicious, rich text file could lead to arbitrary code execution. Description: A buffer overflow in the handling of maliciously crafted rich text files could lead to arbitrary code execution. This update prevents the buffer overflow from occuring. * AppKit CVE-ID: CAN-2005-2502 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Opening a maliciously crafted Microsoft Word .doc file could result in arbitrary code execution. Description: A buffer overflow in AppKit that is responsible for reading Word documents could allow arbitrary code execution. Only applications such as TextEdit that use AppKit to open Word documents are vulnerable. Microsoft Word for Mac OS X is not vulnerable. This update prevents the buffer overflow. * AppKit CVE-ID: CAN-2005-2503 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: A malicious user with physical access to a system could create additional local accounts. Description: A malicious user who has full physical access to a system could create additional accounts by forcing an error condition. This update prevents the error conditions from occurring at the login window. * Bluetooth CVE-ID: CAN-2005-2504 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: The System Profiler information about whether or not a Bluetooth device requires authentication is misleading. Description: Selecting "Require pairing for security" in Bluetooth preferences correctly sets the device to require authentication, but in System Profiler the device is labeled with "Requires Authentication: No." This update changes System Profiler to accurately reflect the Bluetooth security settings. This issue does not affect systems prior to Mac OS X 10.4. Credit to John M. Glenn of San Francisco for reporting this issue. * CoreFoundation CVE-ID: CAN-2005-2505 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: Buffer overflow via a command line argument for applications using the CoreFoundation framework. Description: The incorrect handling of a command line argument within the CoreFoundation framework can result in a buffer overflow that may be used to execute arbitrary code. This issue has been addressed by improved handling of command line arguments. This issue does not affect Mac OS X 10.4. Credit to David Remahl of www.remahl.se/david for reporting this issue. * CoreFoundation CVE-ID: CAN-2005-2506 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Passing a malformed date to the CoreFoundation framework can cause applications to stall. Description: The parsing of Gregorian dates in the CoreFoundation framework is vulnerable to an algorithmic complexity attack that could result in a denial of service. This update modifies the algorithm to parse all valid dates within a fixed processing time. Credit to David Remahl of www.remahl.se/david for reporting this issue. * CUPS CVE-ID: CAN-2005-2525, CAN-2005-2526 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: The CUPS printing service will not print unless it is restarted. Description: When handling multiple, simultaneous, print jobs, the CUPS printing service can stop printing because it incorrectly tracks open file descriptors. In addition, if CUPS receives a partial IPP request and a client terminates the connection, the printing service will then consume all available CPUs. If the service is restarted, then printing will resume. This update corrects the handling of multiple, simultaneous print jobs and partial requests. * Directory Services CVE-ID: CAN-2005-2507 Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2 Impact: A buffer overflow in Directory Services could lead to remote execution of arbitrary code. Description: A buffer overflow in the handling of authentication can lead to arbitrary code execution by a remote attacker. This update prevents the buffer overflow from occurring. * Directory Services CVE-ID: CAN-2005-2508 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: The privileged tool dsidentity has several security flaws that can result in non-administrative users adding or removing identity user accounts in Directory Services. Description: This update addresses this issue by removing dsidentity and its documentation. This issue does not affect systems prior to Mac OS X 10.4. Credit to kf_lists[at]digitalmunition[dot]com and Neil Archibald of Suresec LTD for reporting this issue. * Directory Services CVE-ID: CAN-2005-2519 Available for: Mac OS X Server v10.3.9 Impact: Insecure temporary file creation could lead to a local privilege escalation. Description: slpd insecurely creates a root-owned file in the world-writable /tmp directory. This update moves the creation of the file to a directory that is not world-writable. This issue does not affect Mac OS X v10.4. * HItoolbox CVE-ID: CAN-2005-2513 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: VoiceOver may read content from secure input fields. Description: Under certain circumstances, secure input fields may be read by VoiceOver services. This update stops VoiceOver from exposing the content of these fields. This issue does not affect systems prior to Mac OS X v10.4. * Kerberos CVE-ID: CAN-2004-1189 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: An authenticated user could execute arbitrary code on the KDC host, compromising a Kerberos realm. Description: A heap buffer overflow in password history handling code could be exploited to execute arbitrary code on a Key Distribution Center (KDC). This issue does not affect Mac OS X 10.4. Credit to the MIT Kerberos team for reporting this isue. Their advisory for this vulnerability is located at http://web.mit.edu/kerberos/advisories/MIT...-004-pwhist.txt * Kerberos CVE-ID: CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, CERT VU#885830 VU#259798 VU#623332 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Multiple buffer overflow vulnerabilities could result in denial of service or remote compromise of a KDC. Description: This update upgrades Kerberos for Macintosh to version 5.5.1, which contains fixes for this issue. The Kerberos security advisories for these issues are located at http://web.mit.edu/kerberos/www/advisories/ * Kerberos CVE-ID: CAN-2005-2511 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Kerberos-enabled logins when using LDAP can result in root compromise. Description: When Kerberos authentication is enabled in addition to LDAP, it was possible to gain access to a root Terminal window. Kerberos authentication has been updated to prevent this situation. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jim Foraker of Carnegie Mellon University and colleagues at MacEnterprise.Org for reporting this issue. * loginwindow CVE-ID: CAN-2005-2509 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: A user can gain access to other logged-in accounts if Fast User Switching is enabled. Description: An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password. This update corrects the authentication error. This issue does not affect systems prior to Mac OS X 10.4. Credit to Sam McCandlish for reporting this issue. * Mail CVE-ID: CAN-2005-2512 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Loss of privacy due to Mail loading remote images in HTML emails. Description: When Mail.app is used to print or forward an HTML message, it will attempt to load remote images even if a user's preferences disallow it. As this network traffic is not expected, it may be considered a privacy leak. This update addresses the issue by having Mail.app only load remote images in HTML messages when the preferences allow it. This issue does not affect systems prior to Mac OS X v10.4. Credit to Brad Miller of CynicalPeak and John Pell of Foreseeable Solutions for reporting this issue. * MySQL CVE-ID: CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 Available for: Mac OS X Server v10.3.9 Impact: Multiple vulnerabilities in MySQL, including arbitrary code execution by remote authenticated users. Description: MySQL is updated to version 4.0.24 to address several issues. This does not affect systems running Mac OS X v10.4 as Tiger shipped with MySQL version 4.1.10a, which is patched against this issue. The MySQL announcement for version 4.0.24 is located at http://dev.mysql.com/doc/mysql/en/news-4-0-24.html * OpenSSL CVE-ID: CAN-2004-0079, CAN-2004-0112 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Multiple denial of service vulnerabilities in OpenSSL. Description: OpenSSL is updated to version 0.9.7g to address several issues. The OpenSSL advisory for these issues is located at http://www.openssl.org/news/secadv_20040317.txt * ping CVE-ID: CAN-2005-2514 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: A buffer overflow could result in local privilege escalation and arbitrary code execution. Description: The ping utility is vulnerable to a buffer overflow. This update prevents the buffer overflow from occurring. This issue does not affect systems running Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue. * QuartzComposerScreenSaver CVE-ID: CAN-2005-2515 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Users could open webpages while the RSS Visualizer screen saver is locked. Description: It is possible to open displayed links from the RSS Visualizer in the background when the screen saver is configured to require a password. This update prevents the RSS Visualizer screen saver from opening a URL if a password is required to exit the screen saver. Credit to Jay Craft of GrooVault Entertainment, LLC for reporting this issue. * Safari CVE-ID: CAN-2005-2516 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Clicking on a link in a maliciously-crafted rich text file in Safari could lead to arbitrary command execution. Description: Safari renders rich text content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This update addresses the issue by handling all links in rich text through Safari. * Safari CVE-ID: CAN-2005-2517 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Information can be inadvertently submitted to the wrong site. Description: When submitting forms in Safari on an XSL formatted page, data is sent to the next page browsed. This update addresses the issue by ensuring that form contents are submitted correctly. Credit to Bill Kuker for reporting this issue. * SecurityInterface CVE-ID: CAN-2005-2520 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Recently-used passwords are visible via the password assistant. Description: The password assistant provides an easy mechanism for selecting a good password. If an administrator uses the password assistant while adding multiple accounts, they will be able to view previously suggested passwords. This only occurs when password assistant is used more than once from the same process. This update addresses the issue by resetting the suggested password list each time the password assistant is displayed. This issue does not affect systems prior to Mac OS X v10.4. Credit to Andrew Langmead of Boston.com for reporting this issue. * servermgrd CVE-ID: CAN-2005-2518 Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2 Impact: A buffer overflow in servermgrd could lead to remote execution of arbitrary code. Description: A buffer overflow in the handling of authentication can lead to arbitrary code execution by a remote attacker. This update prevents the buffer overflow from occurring. * servermgr_ipfilter CVE-ID: CAN-2005-2510 Available for: Mac OS X Server v10.4.2 Impact: Certain firewall policies created with the Server Admin tool are not always written to the Active Rules. Description: When using multiple subnets and Address Groups, the firewall rules are not always written to the Active Rules, depending on the order in which the IP subnets were entered into the Address Group. This update addresses the issue by generating correct rules irrespective of any ordering within the Address Group. This issue does not affect systems prior to Mac OS X 10.4. Credit to Matt Richard of Franklin & Marshall College and Chris Pepper of The Rockefeller University for reporting this issue. * SquirrelMail CVE-ID: CAN-2005-1769, CAN-2005-2095 Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2 Impact: Multiple vulnerabilities in SquirrelMail, including cross-site scripting and SquirrelMail user preference modification. Description: There are multiple vulnerabilities in SquirreMail prior to version 1.4.5. These fixes address cross-site scripting and an exposure that may allow attackers to modify user preferences. This update upgrades SquirrelMail to version 1.4.5. For more information, see http://www.squirrelmail.org. * traceroute CVE-ID: CAN-2005-2521 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: A buffer overflow could result in local privilege escalation and arbitrary code execution. Description: The traceroute utility is vulnerable to a buffer overflow. This update prevents the buffer overflow from occurring. This issue does not affect systems running Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue. * WebKit CVE-ID: CAN-2005-2522 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Clicking on a link in a maliciously-crafted PDF file in Safari could lead to arbitrary command execution. Description: Safari renders PDF content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This Safari issue does not affect systems prior to Mac OS X v10.4. This update addresses the issue by handling all links in PDF through Safari. * Weblog Server CVE-ID: CAN-2005-2523 Available for: Mac OS X Server v10.4.2 Impact: Multiple cross-site scripting issues in Weblog Server. Description: Several cross-site scripting problems were discovered in the Weblog Server. This update improves the sanitizing of user input before redisplaying it. This issue does not affect systems prior to Mac OS X v10.4. Credit to Donnie Werner (wood@exploitlabs.com) of Exploitlabs.com and Atsushi MATSUO for reporting this issue. * X11 CVE-ID: CAN-2005-0605 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: A buffer overflow could result in arbitrary code execution. Description: An error in LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. This issue does not affect systems prior to Mac OS X v10.4. * zlib CVE-ID: CAN-2005-2096, CAN-2005-1849 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: Applications linked against zlib are susceptible to denial of service attacks and potential execution of arbitrary code. Description: By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application, resulting in denial of service or possible arbitrary code execution. This update address the issue by updating zlib to version 1.2.3.
  3. castufari

    G5 iMac fan

    There are sound deadening kits for fans...my PC has rubber "gaskets" that wrap around the edges of the fans. All of my other case screws have silicon washers, I have no vibrations at all now.
  4. castufari

    HP Laserjet on Home network..Problem

    If the printer is hardwired to the network it is ok, but if you have it on a wireless point it doesn't work? If you can't hardwire it then consider swapping out the jetdirect card with something like a 380x or so...they have wireless print servers out. The problem is the way that printers talk...do you have the printer setup for DHCP or static? Try static....that might help.
  5. Can you burn it at a slower rate? Some of my PCs don't like boot CDs that are burned at 16x or so.
  6. castufari

    hopefully steve doesnt see this !!! lol

    Delusional is an understatement. 1500 of 'em, one of the largest NW networks in the world. I love it, easy to manage and we've not had any security issues.
  7. castufari

    hopefully steve doesnt see this !!! lol

    It pays the bills, which is all that matters. A classmate of mine in college said that he'd not take a job with a firm unless they were an all Linux shop. I'm working, he's not found a job in IT. I had him work with me for a bit, the first thing he said was "you need to get rid of that netware sh** and go all Linux!". Yeah, I don't think we're going to migrate 1500 servers. I'll be home on Friday, so I'll give the mini a workout then.
  8. castufari

    hopefully steve doesnt see this !!! lol

    I have a small army of Dells that I support (600+) and a few hundred HPs. For laptops, I like Dells. We had a few problems with the HP NX9010 laptops. The problems were resolved, but not to my satisfaction. For desktops, Dell or HP are fine. I would avoid the cheapest of each brand, or any brand. Truely low end PCs seem to make their way to our support desk (er, mine) more often. You get what you pay for.
  9. castufari

    My Mini shipped!

    I ordered it on Friday, it shipped today and should be here on Wednesday. Sweet. I'm about go nuts waiting for this to arrive.
  10. castufari

    How To sell an iBook G3

    Any colleges nearby? You could sell it there.
  11. castufari

    Mac Mini advertisement on Apple.com

    I ordered one of those on Friday. I was tempted to drive to an Apple store...Charlotte is 2 hours away, the one in Peachtree is about 3 hours away but wasn't in the mood to sit in the car, especially since I26 out of town was a parking lot for about 13 miles. That ad is a tad misleading but it does say "From". Look at the car ads, you look and think "damn, all that for xxk?" then at the bottom is says "price as shown, xxk". With the Mini you can't tell them apart from looking.
  12. castufari

    CD/DVD cataloging software

    I'm looking for an application that will allow me to catalog my software like WinCatalog Light (http://www.wincatalog.com/) does. Most of these are data archives....with WinCatalog I'd insert the media, it would scan then build a list of what was on the disk. If I needed something I'd open WinCatalog then search for the item, the results would tell me what media it was on. Anything like that for the mac?
  13. castufari

    Ordering a Mini this w/e

    W00t. That was mostly easy, it would have been easier if they had skipped trying to sell me a bunch of stuff I don't need, but the sales guy was nice. 1.4Ghz, 512, combo, blue tooth, airport. Shipping today.
  14. castufari

    Ordering a Mini this w/e

    I called, they're single layer. I'll wait and get a LaCie external. /me waits patiently for the sales people to get to his call //beats driving 3 hours to the store
  15. castufari

    How To sell an iBook G3

    Does it come with all of the installation media for that software, or is the software preinstalled?
×