|
|
|
 |
Vulnerability Note VU#878526Apple Mac OS X "cd9660.util" buffer overflowOverviewA component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system.I. DescriptionApple's Mac OS X operating system includes a program for mounting, probing, and unmounting ISO 9660 filesystems called cd9660.util (/System/Library/Filesystems/cd9660.fs/cd9660.util). A buffer overflow defect exists in the handling of the argument supplied to the '-p' option of this program. An overly long, specially crafted string supplied on the command-line may allow an attacker to execute code of their choosing on the system. The intruder-supplied code would be executed as the root user since the cd9660.util program is setuid to root by default.II. ImpactA local attacker may be able to gain administrative (root) privileges on the vulnerable system.III. SolutionApply a patch from the vendorApple Computer, Inc. has released patches for this vulnerability. Please see the Systems Affected section of this document for more details.
as root. Users, particularly those that are not able to apply the patches, are encouraged to implement this workaround. Systems Affected
References
The CERT/CC acknowledges "Max" for the initial public report of this vulnerability. Apple, in turn, credits KF of Secure Network Operations for discovery of this vulnerability. This document was written by Chad R Dougherty.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader