2007年05月28日
2007年05月25日
再見了 Mac mini
根據傳言指出,Apple 將會停產 Mac mini
不會吧,我還在等 C2D 版本的 Mac mini 推出,準備敗一台來當 Server 用的啊....Orz
要是傳言屬實,那可得趕快去收購一台回來當古董擺了...
不會吧,我還在等 C2D 版本的 Mac mini 推出,準備敗一台來當 Server 用的啊....Orz
要是傳言屬實,那可得趕快去收購一台回來當古董擺了...
Apple Security Update 2007-005
Security Update 2007-005
Alias Manager
CVE-ID: CVE-2007-0740
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Users may be misled into opening a substituted file
Description: In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting this issue.
BIND
CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service
Description: BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/
CoreGraphics
CVE-ID: CVE-2007-0750
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4.
crontabs
CVE-ID: CVE-2007-0751
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: The daily /tmp cleanup script may lead to a denial of service
Description: Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems.
fetchmail
CVE-ID: CVE-2007-1558
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: fetchmail password disclosure may be possible
Description: fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
file
CVE-ID: CVE-2007-1536
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses by performing additional validation of files that are passed to the file command.
iChat
CVE-ID: CVE-2007-2390
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.
mDNSResponder
CVE-ID: CVE-2007-2386
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue.
PPP
CVE-ID: CVE-2007-0752
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A local user may obtain system privileges
Description: An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue through validation of user privileges. This issue does not affect systems prior to Mac OS X v10.4. Credit to an anonymous researcher working with the iDefense VCP for reporting this issue.
ruby
CVE-ID: CVE-2006-5467, CVE-2006-6303
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Denial of service vulnerabilities in the Ruby CGI library
Description: Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches.
screen
CVE-ID: CVE-2006-4573
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Multiple denial of service vulnerabilities in GNU Screen
Description: The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html
texinfo
CVE-ID: CVE-2005-3011
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten
Description: A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files.
VPN
CVE-ID: CVE-2007-0753
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A local user may obtain system privileges
Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.
Alias Manager
CVE-ID: CVE-2007-0740
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Users may be misled into opening a substituted file
Description: In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting this issue.
BIND
CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service
Description: BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/
CoreGraphics
CVE-ID: CVE-2007-0750
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4.
crontabs
CVE-ID: CVE-2007-0751
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: The daily /tmp cleanup script may lead to a denial of service
Description: Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems.
fetchmail
CVE-ID: CVE-2007-1558
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: fetchmail password disclosure may be possible
Description: fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
file
CVE-ID: CVE-2007-1536
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses by performing additional validation of files that are passed to the file command.
iChat
CVE-ID: CVE-2007-2390
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.
mDNSResponder
CVE-ID: CVE-2007-2386
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution
Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue.
PPP
CVE-ID: CVE-2007-0752
Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A local user may obtain system privileges
Description: An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue through validation of user privileges. This issue does not affect systems prior to Mac OS X v10.4. Credit to an anonymous researcher working with the iDefense VCP for reporting this issue.
ruby
CVE-ID: CVE-2006-5467, CVE-2006-6303
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Denial of service vulnerabilities in the Ruby CGI library
Description: Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches.
screen
CVE-ID: CVE-2006-4573
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: Multiple denial of service vulnerabilities in GNU Screen
Description: The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html
texinfo
CVE-ID: CVE-2005-3011
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten
Description: A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files.
VPN
CVE-ID: CVE-2007-0753
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact: A local user may obtain system privileges
Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.
2007年05月24日
2007年05月21日
NDSL
Wii 很熱門,但目前電玩界的真正霸主,則是 NDSL
因為玩 Wii 才接觸 NDSL,最後還是敗了...Orz
Wii 適合多人一起同樂,不過,我都是一個人在玩,或許 NDSL 才是更適合我的主機
目前手邊的 3C 電子產品有:
Canon DC、SE Mobile Phone、iPod nano、NDSL 等等
一次出門都得帶好多個出去
我真正想要的是一台:
能夠打電話
能夠照相、錄影
能夠聽音樂、看照片、影片
還能夠玩遊戲
如果還有 PDA 功能及 GPS 系統
那就更完美了
不知道要等到哪天,我才能只帶一台機器出門,就可以符合以上所有我的需求...:p
因為玩 Wii 才接觸 NDSL,最後還是敗了...Orz
Wii 適合多人一起同樂,不過,我都是一個人在玩,或許 NDSL 才是更適合我的主機
目前手邊的 3C 電子產品有:
Canon DC、SE Mobile Phone、iPod nano、NDSL 等等
一次出門都得帶好多個出去
我真正想要的是一台:
能夠打電話
能夠照相、錄影
能夠聽音樂、看照片、影片
還能夠玩遊戲
如果還有 PDA 功能及 GPS 系統
那就更完美了
不知道要等到哪天,我才能只帶一台機器出門,就可以符合以上所有我的需求...:p
2007年05月9日
2007年05月8日
丁丁是個名人
最近丁丁爆紅,各大部落都在上演丁丁大戰野狗大的戲碼
丁丁頻頻放大絕,殺得野狗大爆氣紅血
終於惹火了野狗大,逼得野狗大紅血爆氣放無雙,展開絕地大反擊
丁丁真的不只是個人才,丁丁還是個不折不扣腦袋淨重 2074g 的名人 (2074=乎恁氣死)
在 Wii 頭腦柔軟體操學院的測試下,有圖有真相:
高達 481g 的數字能力 (難怪那麼會賺錢)
只有 361g 的分析能力 (難怪常常出包)
只有 335g 的知覺能力 (難怪不知不覺,不管用戶怎麼罵都沒用...XD)
原丁丁是個人才的圖:
5/10 Update:
丁丁頻頻放大絕,殺得野狗大爆氣紅血
終於惹火了野狗大,逼得野狗大紅血爆氣放無雙,展開絕地大反擊
丁丁真的不只是個人才,丁丁還是個不折不扣腦袋淨重 2074g 的名人 (2074=乎恁氣死)
在 Wii 頭腦柔軟體操學院的測試下,有圖有真相:
高達 481g 的數字能力 (難怪那麼會賺錢)
只有 361g 的分析能力 (難怪常常出包)
只有 335g 的知覺能力 (難怪不知不覺,不管用戶怎麼罵都沒用...XD)
原丁丁是個人才的圖:
5/10 Update:
2007年05月7日
2007年05月6日
Wii 頭腦柔軟體操學院的成績公開 (有圖有真相)
目前我最高 1981g 9段
學科成績 2122g
18白金
41金
1銀
全打出來了...
最高有 537g
登錄的8人都在8段以上,兩個9段
我的 Wii Number 5506 2963 6411 5706 / candyz
大家來交流成績吧...
鄉民都會說:「PO文不附圖,此風不可長。」「靠么,圖咧?」
所以,有圖有真相...
BTW:
看不懂日文的,dentalmao's blog 裡有整理一份對照表,可以去參考(感謝啦)
學科成績 2122g
18白金
41金
1銀
全打出來了...
最高有 537g
登錄的8人都在8段以上,兩個9段
我的 Wii Number 5506 2963 6411 5706 / candyz
大家來交流成績吧...
鄉民都會說:「PO文不附圖,此風不可長。」「靠么,圖咧?」
所以,有圖有真相...
BTW:
看不懂日文的,dentalmao's blog 裡有整理一份對照表,可以去參考(感謝啦)
![[Syndicate this site]](http://blog.roodo.com/_img/rss.gif "Syndicate RSS feed"){kind=small}
![[Syndicate this site]](http://blog.roodo.com/_img/atom.gif "Syndicate ATOM feed"){kind=small}
