Apple Mac OS X Terminal X-Man-Path Input Validation Vulnerability
BID:13502
Info
| Bugtraq ID: | 13502 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-1342 |
| Remote: | No |
| Local: | Yes |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery of this issue is credited to David Remahl. |
| Vulnerable: | Apple Mac OS X Server 10.3.9, Apple Mac OS X Server 10.3.8, Apple Mac OS X Server 10.3.7, Apple Mac OS X Server 10.3.6, Apple Mac OS X Server 10.3.5, Apple Mac OS X Server 10.3.4, Apple Mac OS X Server 10.3.3, Apple Mac OS X Server 10.3.2, Apple Mac OS X Server 10.3.1, Apple Mac OS X Server 10.3, Apple Mac OS X 10.3.9, Apple Mac OS X 10.3.8, Apple Mac OS X 10.3.7, Apple Mac OS X 10.3.6, Apple Mac OS X 10.3.5, Apple Mac OS X 10.3.4, Apple Mac OS X 10.3.3, Apple Mac OS X 10.3.2, Apple Mac OS X 10.3.1, Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X Terminal is reported prone to an input validation vulnerability.
Apple Terminal allows escape characters embedded in x-man-path URIs to insert commands into a target Terminal session.
Exploit / POC
The following page contains a proof of concept:
http://remahl.se/david/vuln/011/demo.html
Solution / Fix
Solution:
Apple has released an advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
- Apple SecUpd2005-005Pan.dmg
  http://www.apple.com/support/downloads/securityupdate2005005client.html
Apple Mac OS X Server 10.3.9
- Apple SecUpdSrvr2005-005Pan.dmg
  http://www.apple.com/support/downloads/securityupdate2005005server.html
References
References:
- Apple Terminal insufficient input sanitation of x-man-path: URIs vulnerability (David Remahl)
- Vendor Home Page (Apple)
- Advisories for 4 vulnerabilities addressed by Apple SU 2005-005 (David Remahl)