Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code.
NeST is the NetInfo Setup Tool for Apple Mac OS X Server. There is a buffer overflow vulnerability in the way NeST performs bounds checking on command line arguments. By supplying the -target command line parameter with an overly long string of characters, a local user could execute arbitrary code on the system with privileges of the NeST process.
Please note that NeST executes with root privileges.
A local user could execute arbitrary code with privileges of the NeST process, possibly root.
This vulnerability was reported by iDEFENSE Labs who acknowledges Nico for providing information concerning this vulnerability.
This document was written by Jeff Gennari.
|Date First Published:||2005-05-16|
|Date Last Updated:||2005-05-17 16:00 UTC|