Vulnerability Note VU#354486
Apple Mac OS X Server NetInfo Setup Tool fails to validate command line parameters
The Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code.
NeST is the NetInfo Setup Tool for Apple Mac OS X Server. There is a buffer overflow vulnerability in the way NeST performs bounds checking on command line arguments. By supplying the -target command line parameter with an overly long string of characters, a local user could execute arbitrary code on the system with privileges of the NeST process.
Please note that NeST executes with root privileges.
A local user could execute arbitrary code with privileges of the NeST process, possibly root.
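The kind of check whose absence the note describes, as an added example (not Apple's code and not part of the original note): a C routine that length-checks the `-target` value before copying it into a fixed-size buffer. The function name, return codes and 256-byte buffer size are assumptions, since the note does not describe NeST's internals.

```c
#include <stdio.h>
#include <string.h>

#define TARGET_MAX 256  /* assumed size; the note does not give NeST's real buffer size */

/* Hypothetical return codes for parse_target(). */
enum { PT_OK = 0, PT_ABSENT = 1, PT_MISSING_VALUE = -1, PT_TOO_LONG = -2 };

/*
 * Find "-target <value>" in argv and copy <value> into dst (dstsz bytes).
 * The unsafe pattern this replaces is an unchecked strcpy(dst, argv[i + 1])
 * into a fixed-size buffer, where the caller controls the source length.
 * Here the length is checked before any copy, and overlong input is
 * rejected outright instead of being silently truncated.
 */
int parse_target(int argc, char *const argv[], char *dst, size_t dstsz)
{
    if (dst == NULL || dstsz == 0)
        return PT_TOO_LONG;
    dst[0] = '\0';                          /* never leave stale data on failure */
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-target") != 0)
            continue;
        if (i + 1 >= argc)
            return PT_MISSING_VALUE;        /* flag given without a value */
        size_t len = strlen(argv[i + 1]);
        if (len >= dstsz)
            return PT_TOO_LONG;             /* value plus NUL would not fit */
        memcpy(dst, argv[i + 1], len + 1);  /* copy includes the terminating NUL */
        return PT_OK;
    }
    return PT_ABSENT;
}

int main(int argc, char *argv[])
{
    char target[TARGET_MAX];
    int rc = parse_target(argc, argv, target, sizeof target);
    if (rc < 0) {
        fprintf(stderr, "invalid -target argument (code %d)\n", rc);
        return 2;
    }
    if (rc == PT_OK)
        printf("target: %s\n", target);
    return 0;
}
```

Because the tool runs with root privileges, the check has to happen before any copy of the argument, and a failed check should end the run rather than continue with a partial value.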
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | - | 13 May 2005 |
This vulnerability was reported by iDEFENSE Labs, which acknowledges Nico for providing information concerning this vulnerability.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2005-0594
- Date Public: 03 May 2005
- Date First Published: 16 May 2005
- Date Last Updated: 17 May 2005
- Severity Metric: 10.69
- Document Revision: 24