On 14/09/2004, at 4:55 PM, Richard Kay wrote:
Apple has released a revision to its 2004-09-07 Security Update,
numbered 1.1, which reportedly fixes a widespread, previously reported
FTP connectivity issue.
The problem, which disabled FTP capabilities for a number of users on
both Mac OS X 10.2.8 and Mac OS X 10.3.5 systems, generated the the
error message: "User (username) may not use FTP" in most instances.
A previously reported workaround involved replacing the patched
version of Mac OS X's FTP daemon (ftpd) with the FTP daemon from
another Mac OS X installation sans-security update.
Security Update 2004-09-07's changes to Mac OS X's FTP components are
listed by Apple as follows: "(Eliminates) a rare condition that can
permit an authenticated remote attacker to cause a denial of service
or execute arbitrary code. [...] If the FTP service has been enabled,
and a remote attacker can correctly authenticate, then a race
condition would permit them to stop the FTP service or execute
arbitrary code. The fix is to replace the lukemftpd FTP service with
tnftpd. lukemftp is installed but not activated in Mac OS X Server,
which instead uses xftp [...]."
The revised version of Security Update 2004-09-07 is available either
through Software Update.
rmkay
Hello People,
Anyone else experiencing this Security Update 2004-09-07 v1.1 showing
in Software Update after being downloaded & installed & computer
restarted?
I've also installed it again from the package in Library, but it is
still showing in Software Update.
Cheers,
Ronni
When Microsoft asks you, "Where do you want to go today?" Tell them,
"Apple!"
