Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
BID:30489
Info
Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
| Bugtraq ID: | 30489 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-2322 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2008 12:00AM |
| Updated: | Aug 01 2008 07:37PM |
| Credit: | Pariente Kobi |
| Vulnerable: |
Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the CoreGraphics component.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.
The following versions are affected:
Mac OS X v10.4.11 and prior
Mac OS X Server v10.4.11 and prior
Mac OS X v10.5.4 and prior
Mac OS X Server v10.5.4 and prior
NOTE: This issue was previously covered in BID 30483 (Apple Mac OS X 2008-005 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the CoreGraphics component.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.
The following versions are affected:
Mac OS X v10.4.11 and prior
Mac OS X Server v10.4.11 and prior
Mac OS X v10.5.4 and prior
Mac OS X Server v10.5.4 and prior
NOTE: This issue was previously covered in BID 30483 (Apple Mac OS X 2008-005 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
Exploit / POC
Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
Solution:
The vendor has released an advisory and updates. Please see the referenced advisory for more information.
Apple Mac OS X 10.5.4
Apple Mac OS X Server 10.5.4
Solution:
The vendor has released an advisory and updates. Please see the referenced advisory for more information.
Apple Mac OS X 10.5.4
-
Apple SecUpd2008-005.dmg
For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat= 1&platform=osx&method=sa/SecUpd2008-005.dmg
Apple Mac OS X Server 10.5.4
-
Apple SecUpd2008-005.dmg
For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat= 1&platform=osx&method=sa/SecUpd2008-005.dmg
References
Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
References:
References: