Intrusion Prevention

Apple.MacOS.X.Catalog.Distribution.File.Command.Execution

Description

This indicates an attempt to exploit a man-in-the-middle vulnerability in Software Update in Apple Mac OS X 10.5.1.
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server. The attack is launched with a modified distribution definition file that sets the "allow-external-scripts" option.
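A defender-side check for the condition described above, added here as an example and not taken from the vendor or from the signature itself: it flags a distribution definition file that enables "allow-external-scripts". The XML element names in the samples, the set of values treated as enabled, and the function name `check_distribution` are assumptions; the sample files are constructed.

```python
import re
import xml.etree.ElementTree as ET

OPTION = "allow-external-scripts"
# Values treated as "enabled" (assumption: the page names only the option).
ENABLED = {"yes", "true", "1"}
# Fallback for files that do not parse, so a broken file is not silently passed.
RAW = re.compile(rb"allow-external-scripts\s*=\s*[\"']?\s*(yes|true|1)\b", re.I)


def check_distribution(data: bytes) -> dict:
    """Return a verdict for the body of one distribution definition file."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Malformed XML: fall back to a raw byte match instead of passing it.
        hit = bool(RAW.search(data))
        return {"parsed": False, "flagged": hit, "where": ["raw-match"] if hit else []}
    where = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            # Match the option on any element; compare the value case-insensitively.
            if name.lower() == OPTION and value.strip().lower() in ENABLED:
                where.append(elem.tag)
    return {"parsed": True, "flagged": bool(where), "where": where}


# Constructed samples (not captured traffic); element names are assumed.
BENIGN = b"""<?xml version="1.0"?>
<installer-gui-script minSpecVersion="1">
  <title>Example Update</title>
  <options customize="never"/>
</installer-gui-script>"""

MODIFIED = b"""<?xml version="1.0"?>
<installer-gui-script minSpecVersion="1">
  <title>Example Update</title>
  <options customize="never" allow-external-scripts="yes"/>
</installer-gui-script>"""

# Root element left unclosed, so the XML parser rejects it.
TRUNCATED = b'<installer-gui-script><options allow-external-scripts = "Yes"/>'

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("modified", MODIFIED), ("truncated", TRUNCATED)):
        print(label, check_distribution(body))
```

A flagged file received over an unauthenticated channel is the case this signature describes; the check says nothing about files delivered over an authenticated, integrity-protected channel.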

Affected Products

Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5

Impact

System compromise: remote code execution.

Recommended Actions

The vendor released an update to address this issue.
Apple Mac OS X Server 10.5.1
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=1&platform=osx&method=sa/SecUpd2007-009.dmg
Apple Mac OS X 10.5.1
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=1&platform=osx&method=sa/SecUpd2007-009.dmg

CVE References

CVE-2007-5863