Apple Mac OS X NetInfo Setup Tool Local Buffer Overflow Vulnerability
BID:13486
Info
Apple Mac OS X NetInfo Setup Tool Local Buffer Overflow Vulnerability
| Bugtraq ID: | 13486 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-0594 |
| Remote: | No |
| Local: | Yes |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery is credited to Nico. |
| Vulnerable: |
Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X NetInfo Setup Tool Local Buffer Overflow Vulnerability
NeST is prone to a local buffer overflow vulnerability.
The vulnerability presents itself when the application handles excessive string values through a command line parameter.
An attacker can gain superuser privileges by exploiting this issue.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assinged a new BID.
NeST is prone to a local buffer overflow vulnerability.
The vulnerability presents itself when the application handles excessive string values through a command line parameter.
An attacker can gain superuser privileges by exploiting this issue.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assinged a new BID.
Exploit / POC
Apple Mac OS X NetInfo Setup Tool Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Apple Mac OS X NetInfo Setup Tool Local Buffer Overflow Vulnerability
Solution:
Apple has released advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X Server 10.3.9
Solution:
Apple has released advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X Server 10.3.9
-
Apple SecUpdSrvr2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005server.htm l
References
Apple Mac OS X NetInfo Setup Tool Local Buffer Overflow Vulnerability
References:
References:
- Mac OS X Server NeST -target Buffer Overflow Vulnerability (iDEFENSE)
- Vendor Home Page (Apple)