Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > June 2007 > Apple Security Advisory - APPLE-SA-2007-06-20 Mac OS X v10.4.10

June 2007

Apple Security Advisory - APPLE-SA-2007-06-20 Mac OS X v10.4.10

ID: 142
Ref: 87/2007
Date: 30 June 2007:23:11:39
Version: 1
Title: Apple Security Advisory - APPLE-SA-2007-06-20 Mac OS X v10.4.10
Abstract: Depending on network topology and capacity, the reception of specially crafted IP V6 packets may lead to a reduction in network bandwidth.
Vendors affected: Apple
Operating systems affected: Apple
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-06-20 Mac OS X v10.4.10

Mac OS X v10.4.10 is now available and addresses the following security
issue. Mac OS X v10.4.10 also provides additional functionality changes,
and information is available in its release note.

Networking

CVE-ID: CVE-2007-2242

Available for: Mac OS X v10.4 through Mac OS X v10.4.9, Mac OS X Server
v10.4 through Mac OS X Server v10.4.9

Impact: Remote attackers may be able to adversely affect network performance

Description: A design issue exists in the IPv6 protocol's handling of type
0 routing headers. Depending on network topology and capacity, the
reception of specially crafted IPv6 packets may lead to a reduction in
network bandwidth. This update addresses the issue by disabling the
support for type 0 routing headers. This issue does not affect systems
prior to Mac OS X v10.4.

Mac OS X v10.4.10 may be obtained from the Software Update pane in System
Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.9 (PowerPC)
The download file is named: "MacOSXUpd10.4.10PPC.dmg"
Its SHA-1 digest is: 9894afbafcc1deb9c331bba2e847a0884059e6aa

For Mac OS X v10.4 (PowerPC) through v10.4.8 (PowerPC) The download file
is named: "MacOSXUpdCombo10.4.10PPC.dmg"
Its SHA-1 digest is: 7c40b6296b9a8a8845a776597a89a8795c391a19

For Mac OS X v10.4.9 (Intel)
The download file is named: "MacOSXUpd10.4.10Intel.dmg"
Its SHA-1 digest is: 0d3abab73af3370699bbe5389513511a1ba8b8fd

For Mac OS X v10.4.4 (Intel) through v10.4.8 (Intel) The download file is
named: "MacOSXUpdCombo10.4.10Intel.dmg"
Its SHA-1 digest is: d3e72724dccda1c10a3ed393a262145fba105f55

For Mac OS X Server v10.4.9 (PowerPC)
The download file is named: "MacOSXServerUpd10.4.10PPC.dmg"
Its SHA-1 digest is: 9901cfdb6f3dd3a01bdde43b8a3fbc2d1ebfc8b9

For Mac OS X Server v10.4 through v10.4.8 (PowerPC) The download file is
named: "MacOSXSrvrCombo10.4.10PPC.dmg"
Its SHA-1 digest is: 434334396f2cfd4b9e23124d7f00d5ca3a64fd03

For Mac OS X Server v10.4.7 through v10.4.9 (Universal) The download file
is named: "MacOSXSrvrCombo10.4.10Univ.dmg"
Its SHA-1 digest is: f46d19a88f0439f4dc91bc9c1217b60e681c5470

Information will also be posted to the Apple Security Updates web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details
are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRnmNkcgAoqu4Rp5tAQhmTQgAk40wWT2RcRgqQ3DfD6IcabBO3VLExX3z
Y78ofoMTwj/XCg1SAwrJNktlkG2Hd9FIIWPEDwuvYkqRJOc2trtttgFeLQ3AUqr2
YI2KOa+PQVOr6mhByXYHNaDSrhaZRrgWDAWVK7y7TY0pGHdhUzKqeqJ+gdyiV+JR
ayLOJ2KIVJqvMUaYgHa5DzxfvmqHdcYCsuLxVSeCFU8/u+XY351KlkvB3Edq1CYF
FUo+jaSjob/VqHLuXwla67rfPYNgqBto20kmJ4ixjbZ0uZUq7xlRSmHV1ybyRX3v
bt7iqrLlhXdWH6IdASUxMXagK4DQM2nKYvSkGJkNT5EidNFTok/UjA==
=pWPj
-----END PGP SIGNATURE-----
__________________________________________________________________________

CPNI values your feedback.

1. Which of the following most reflects the value of the advisory to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our advisories?


Thank you for your contribution.
___________________________________________________________________________

CPNI wishes to acknowledge the contributions of Apple for the
information contained in this advisory.
___________________________________________________________________________

This advisory contains information released by the original author. Some
of the information may have changed since it was released. If the issue
affects you, it may be prudent to retrieve the advisory from the site of
the original source to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by CPNI. The views and
opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions contained
within this advisory. In particular, they shall not be liable for any loss
or damage whatsoever, arising from or in connection with the usage of
information contained within this advisory.

CPNI is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
___________________________________________________________________________

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |