SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#147587

Mac OS X utility gm4 contains format string vulnerability

Overview

The gm4 utility of Mac OS X contains a buffer overflow, which may allow a root compromise through other programs.

I. Description

The gm4 utility of Mac OS X contains a buffer overflow. Some setuid root programs on Mac OS X may rely on gm4, possibly allowing a root compromise through these programs.

II. Impact

An attacker may gain root privileges on the Mac OS X system.

III. Solution

The CERT/CC is currently unaware of a practical solution to this problem.

None.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Unknown8-Dec-2001

References

Credit

Thanks to KF for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public:2001-10-22
Date First Published:2002-09-23
Date Last Updated:2003-04-11
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:7.70
Document Revision:12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader