Vulnerability Note VU#913820

Apple Mac OS X Directory Services contains a buffer overflow

Overview

A buffer overflow in Apple Mac OS X Directory Service's authentication process may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Apple Mac OS X Server Directory Service provides reading, writing, and authentication services within the Apple Open Directory Architecture. A buffer overflow exists in the authentication process used by Apple Directory Service. A buffer within an unspecified routine used by the authentication process can be overwritten via a specially crafted authentication request.

For more information, please refer to Apple Security Update 2005-007.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the Apple Directory Service's authentication process.

III. Solution

Apple a patch

Apple advises all users to apply Apple Security Update 2005-007, as it fixes this and other critical security flaws.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Apple Computer, Inc.	Vulnerable	17-Aug-2005

References

http://secunia.com/advisories/16449/
http://docs.info.apple.com/article.html?artnum=302163

Credit

This vulnerability was reported in Apple Security Update 2005-007.

This document was written by Jeff Gennari.

Other Information

Date Public:	2005-08-15
Date First Published:	2005-08-17
Date Last Updated:	2005-08-17
CERT Advisory:
CVE-ID(s):	CAN-2005-2507
NVD-ID(s):	CAN-2005-2507
US-CERT Technical Alerts:
Metric:	18.17
Document Revision:	29

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader