Vulnerability Note VU#913820

Apple Mac OS X Directory Services contains a buffer overflow

Original Release date: 17 Aug 2005 | Last revised: 17 Aug 2005


A buffer overflow in Apple Mac OS X Directory Service's authentication process may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.


Apple Mac OS X Server Directory Service provides reading, writing, and authentication services within the Apple Open Directory Architecture. A buffer overflow exists in the authentication process used by Apple Directory Service. A buffer within an unspecified routine used by the authentication process can be overwritten via a specially crafted authentication request.

For more information, please refer to Apple Security Update 2005-007.


A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the Apple Directory Service's authentication process.


Apple a patch
Apple advises all users to apply Apple Security Update 2005-007, as it fixes this and other critical security flaws.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected-17 Aug 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported in Apple Security Update 2005-007.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2005-2507
  • Date Public: 15 Aug 2005
  • Date First Published: 17 Aug 2005
  • Date Last Updated: 17 Aug 2005
  • Severity Metric: 18.17
  • Document Revision: 29


If you have feedback, comments, or additional information about this vulnerability, please send us email.