Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
BID:9509
Info
Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
| Bugtraq ID: | 9509 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0089 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 27 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this vulnerability has been credited to Dave G. of @stake, Inc. |
| Vulnerable: |
Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
Apple Mac OS X TruBlueEnvironment has been reported prone to a local buffer overflow vulnerability. The issue has been reported to exist due to a lack of sufficient boundary checks performed on data contained in Environment variables, before they are copied into a reserved buffer in TruBlueEnvironment stack based memory.
It should be noted that this vulnerability was originally described as an unspecified issue in 9504. It is now being assigned a unique BID.
Apple Mac OS X TruBlueEnvironment has been reported prone to a local buffer overflow vulnerability. The issue has been reported to exist due to a lack of sufficient boundary checks performed on data contained in Environment variables, before they are copied into a reserved buffer in TruBlueEnvironment stack based memory.
It should be noted that this vulnerability was originally described as an unspecified issue in 9504. It is now being assigned a unique BID.
Exploit / POC
Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
Solution:
Apple has released a Security Update to address these issues in various versions of Mac OS X. These fixes may be applied manually or via the Software Update pane in System Preferences.
Apple Mac OS X Server 10.1.5
Apple Mac OS X 10.1.5
Apple Mac OS X 10.2.8
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.2
Apple Mac OS X Server 10.3.2
Solution:
Apple has released a Security Update to address these issues in various versions of Mac OS X. These fixes may be applied manually or via the Software Update pane in System Preferences.
Apple Mac OS X Server 10.1.5
-
Apple SecurityUpd2004-01-26P.dmg
http://www.info.apple.com/kbnum/n120303
Apple Mac OS X 10.1.5
-
Apple SecurityUpd2004-01-26P.dmg
http://www.info.apple.com/kbnum/n120303
Apple Mac OS X 10.2.8
-
Apple SecurityUpd2004-01-26Jag.dmg
http://www.info.apple.com/kbnum/n120302
Apple Mac OS X Server 10.2.8
-
Apple SecUpdSrvr2004-01-26Jag.dmg
http://www.info.apple.com/kbnum/n120304
Apple Mac OS X 10.3.2
-
Apple SecurityUpd2004-01-26Pan.dmg
http://www.info.apple.com/kbnum/n120301
Apple Mac OS X Server 10.3.2
-
Apple SecUpdSrvr2004-01-26Pan.dmg
http://www.info.apple.com/kbnum/n120300
References
Apple Mac OS X TruBlueEnvironment Local Buffer Overflow Vulnerability
References:
References:
- TruBlueEnvironment Buffer Overflow (@stake)