Apple Installer Package Filename Format String Vulnerability
BID:22272
Info
Apple Installer Package Filename Format String Vulnerability
| Bugtraq ID: | 22272 |
| Class: | Input Validation Error |
| CVE: |
2007-0465 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2007 12:00AM |
| Updated: | Apr 20 2007 05:11PM |
| Credit: | LMH is credited with discovery of this vulnerability. |
| Vulnerable: |
Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9 Apple Installer 2.1.5 |
| Not Vulnerable: | |
Discussion
Apple Installer Package Filename Format String Vulnerability
Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may crash the application or possibly allow the attacker to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Apple Installer Version 2.1.5 on Mac OS X 10.4.8 is vulnerable to this issue; other versions may also be affected.
Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may crash the application or possibly allow the attacker to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Apple Installer Version 2.1.5 on Mac OS X 10.4.8 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Solution / Fix
References
Apple Installer Package Filename Format String Vulnerability
References:
References: