6821 : Apple Mac OS X TruBlueEnvironment Environment Variable Local Overflow
Printer | http://osvdb.org/6821 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

Jan 26, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Keywords

No Keywords

Description

A local overflow exists in Mac OS X. The TruBlueEnvironment fails to validate environment variables resulting in a buffer overflow. With a specially crafted request, an attacker can escalate to root privileges resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.2.x
		10.3
		10.3.1
		10.3.2

References

ISS X-Force ID: 14968
CVE ID: 2004-0089 (see also: NVD)
CERT VU: 902374
Bugtraq ID: 9509
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=61798
Other Advisory URL: http://www.atstake.com/research/advisories/2004/a012704-1.txt
Generic Informational URL: http://www.securiteam.com/securitynews/5ZP0M2ABPK.html

Credit

Dave G. - davegatstake.com - @stake, Inc.

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit

Blogs

Comments