Apple Mac OS X VPND Local Buffer Overflow Vulnerability
BID:13488
Info
Apple Mac OS X VPND Local Buffer Overflow Vulnerability
| Bugtraq ID: | 13488 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1343 CVE-2005-1271 |
| Remote: | No |
| Local: | Yes |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery is credited to Pieter de Boer <[email protected]>. This issue may have been independently discovered by Jason Aras as well. |
| Vulnerable: |
Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X VPND Local Buffer Overflow Vulnerability
Apple Mac OS X vpnd is prone to a local buffer overflow vulnerability.
The vulnerability presents itself when the application handles excessive string values supplied through the '-i' command line parameter.
An attacker can gain superuser privileges by exploiting this issue.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assinged a new BID.
Apple Mac OS X vpnd is prone to a local buffer overflow vulnerability.
The vulnerability presents itself when the application handles excessive string values supplied through the '-i' command line parameter.
An attacker can gain superuser privileges by exploiting this issue.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assinged a new BID.
Exploit / POC
Apple Mac OS X VPND Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Apple Mac OS X VPND Local Buffer Overflow Vulnerability
Solution:
Apple has released security advisory APPLE-SA-2005-06-08 along with fixes dealing with this issue for Mac OS X 10.4.1. Please see the referenced advisory for more information.
Apple has released advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.4.1
Apple Mac OS X 10.4.1
Solution:
Apple has released security advisory APPLE-SA-2005-06-08 along with fixes dealing with this issue for Mac OS X 10.4.1. Please see the referenced advisory for more information.
Apple has released advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
-
Apple SecUpd2005-006Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06439&plat form=osx&method=sa/SecUpd2005-006Pan.dmg -
Apple SecUpd2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005client.htm l
Apple Mac OS X Server 10.3.9
-
Apple SecUpd2005-006Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06439&plat form=osx&method=sa/SecUpd2005-006Pan.dmg -
Apple SecUpdSrvr2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005server.htm l
Apple Mac OS X Server 10.4.1
-
Apple SecUpd2005-006Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06440&plat form=osx&method=sa/SecUpd2005-006Ti.dmg
Apple Mac OS X 10.4.1
References
Apple Mac OS X VPND Local Buffer Overflow Vulnerability
References:
References:
- Apple Mac OS X vpnd Server_id Buffer Overflow Vulnerability (iDEFENSE)
- Vendor Home Page (Apple)