Apple Mac OS X DMG UFS Byte_Swap_Sbin() Integer Overflow Vulnerability

Bugtraq ID:	22022
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 12 2007 12:00AM
Updated:	Jan 12 2007 10:10PM
Credit:	LMH <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8
Not Vulnerable:

Apple Mac OS X DMG UFS Byte_Swap_Sbin() Integer Overflow Vulnerability

Apple Mac OS X is prone to a remote integer-overflow vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images.

A successful exploit can allow a remote attacker to cause kernel panic, resulting in a denial-of-service condition.

Mac OS X 10.4.8 is vulnerable; other versions may also be affected.

Apple Mac OS X DMG UFS Byte_Swap_Sbin() Integer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to open a malicious DMG image file.

The following exploit is available:

• /data/vulnerabilities/exploits/MOAB-11-01-2007.dmg.gz

Apple Mac OS X DMG UFS Byte_Swap_Sbin() Integer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Apple Mac OS X DMG UFS Byte_Swap_Sbin() Integer Overflow Vulnerability

References:

• Mac OS X Homepage (Apple)
  
• MOAB-11-01-2007: Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability (Apple Fun)