Vulnerability Note VU#240880

Apple Mac OS X Finder DMG volume name buffer overflow

Original Release date: 16 Feb 2007 | Last revised: 23 Feb 2007

Overview

Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder contains a buffer overflow vulnerability in the handling of DMG volume names. Specifically, a DMG file with a volume name of more than 255 bytes can trigger memory corruption. Note that by default, Safari will automatically mount DMG files that are referenced in web pages.

Impact

By convincing a user to mount a specially-crafted DMG file, such as by viewing a web page with Safari, a remote, unauthenticated attacker may be able to execute code with the privileges of the user or cause a denial-of-service condition.

Solution

Apply an update

This issue is addressed in Apple Security Update 2007-002.


Disable "Open 'safe' files after downloading"

Disable the option "Open 'safe' files after downloading," as specified in the Securing Your Web Browser document. This will help prevent automatic exploitation of this and other vulnerabilities.

Systems Affected

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Vulnerable-23 Feb 2007

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was publicly disclosed by LMH.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2007-0197
  • Date Public: 09 Jan 2007
  • Date First Published: 16 Feb 2007
  • Date Last Updated: 23 Feb 2007
  • Severity Metric: 10.29
  • Document Revision: 11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Document Feedback

Was this document helpful?   Yes   |   Somewhat   |  No