Vulnerability Note VU#878526

Apple Mac OS X "cd9660.util" buffer overflow

Original Release date: 15 Mar 2004 | Last revised: 15 Mar 2004

Overview

A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system.

Description

Apple's Mac OS X operating system includes a program for mounting, probing, and unmounting ISO 9660 filesystems called cd9660.util (/System/Library/Filesystems/cd9660.fs/cd9660.util). A buffer overflow defect exists in the handling of the argument supplied to the '-p' option of this program. An overly long, specially crafted string supplied on the command-line may allow an attacker to execute code of their choosing on the system. The intruder-supplied code would be executed as the root user since the cd9660.util program is setuid to root by default.

Impact

A local attacker may be able to gain administrative (root) privileges on the vulnerable system.

Solution

Apply a patch from the vendor

Apple Computer, Inc. has released patches for this vulnerability. Please see the Systems Affected section of this document for more details.

Workarounds


Remove the setuid permission from the cd9660.util program. This can be accomplished by executing the following command:

    chmod u-s /System/Library/Filesystems/cd9660.fs/cd9660.util

as root. Users, particularly those that are not able to apply the patches, are encouraged to implement this workaround.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected-15 Mar 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

The CERT/CC acknowledges "Max" for the initial public report of this vulnerability. Apple, in turn, credits KF of Secure Network Operations for discovery of this vulnerability.

This document was written by Chad R Dougherty.

Other Information

  • CVE IDs: CAN-2003-1006
  • Date Public: 15 Dec 2003
  • Date First Published: 15 Mar 2004
  • Date Last Updated: 15 Mar 2004
  • Severity Metric: 7.70
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.