Apple fixes Xsan security flaw


Apple Computer Inc. has fixed a security flaw attackers could exploit in its Xsan file system software to launch malicious code or crash vulnerable machines.

The flaw is of particular concern to enterprises that use Apple's latest operating system, as Xsan enables the creation of an enterprise class storage area network (SAN) for the Mac OS X operating system and the Mac OS X Server.

The Cupertino, Calif.-based vendor said the application fails to do a proper bounds check of user-supplied input before copying it into an insufficiently sized buffer. The vulnerability presents itself at the file system driver when certain unspecified path names are processed. Apple fixes Xsan security flaw

Linked by shanmuga Saturday, 19th August 2006 7:45AM