Apple Mac OS X Core Foundation Local Buffer Overflow Vulnerability

Bugtraq ID:	13224
Class:	Boundary Condition Error
CVE:	CVE-2005-0716
Remote:	No
Local:	Yes
Published:	Mar 22 2005 12:00AM
Updated:	Aug 02 2006 11:16PM
Credit:	Discovery is credited to Adriano Lima of SeedSecurity.com and an anonymous source.
Vulnerable:	Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3
Not Vulnerable:

Apple Mac OS X Core Foundation Local Buffer Overflow Vulnerability

Mac OS X is prone to a local buffer overflow in Core Foundation. Successful exploitation could result in arbitrary code execution with elevated privileges.

Apple Mac OS X Core Foundation Local Buffer Overflow Vulnerability

The following exploits are available:

• /data/vulnerabilities/exploits/13224-kf.pl
• /data/vulnerabilities/exploits/xosx-cf.c

Apple Mac OS X Core Foundation Local Buffer Overflow Vulnerability

Solution:
Apple has released an advisory (APPLE-SA-2005-03-21) and fixes to address this issue.


Apple Mac OS X Server 10.3.8

• Apple SecUpdSrvr2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05530&plat form=osx&method=sa/SecUpdSrvr2005-003Pan.dmg

Apple Mac OS X 10.3.8

• Apple SecUpd2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&plat form=osx&method=sa/SecUpd2005-003Pan.dmg

Apple Mac OS X Core Foundation Local Buffer Overflow Vulnerability

References:

• iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vu ("iDefense Customer Service" )