 Multiple vulnerabilities have been reported in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, or gain escalated privileges.
1) An integer overflow in the "searchfs()" system call when handling the sizeofsearchparams1
and sizeofsearchparams2 variables in a fssearchblock structure can be exploited
to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code with escalated privileges.
The vulnerability has been reported in Mac OS X 10.3.4 as of 22nd June 2004 (Darwin
kernel xnu-517.7.7). Other versions may also be affected.
Reportedly, several older NetBSD vulnerabilities including a signedness error
in the "semop()" system call still affect Mac OS X (see other references for more
information).
2) An error in the "at" setuid root utility can be exploited to disclose the contents
of arbitrary files by specifying them as job file to the "-f" command line option
and then reading the created job.
The vulnerability has been reported in Mac OS X 10.3.4 (Darwin kernel xnu-517.7.7)
and has been confirmed in Mac OS X 10.3.7 (Darwin kernel xnu-517.9.5). Other versions
may also be affected.
3) Signedness errors in the "parse_machfile()" function within the Mach-O loader
can be exploited to crash the system via a specially crafted Mach-O header.
The vulnerability has been reported in Mac OS X 10.3.7 and prior.
OPERATING SYSTEM:
Apple Macintosh OS X
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
1, 2) Immunity
3) nemo, felinemenace.org.
ORIGINAL ADVISORY:
Immunity:
http://www.immunitysec.com/downloads/nukido.pdf
felinemenace.org:
http://www.felinemenace.org/advisories/macosx.txt
OTHER REFERENCES:
Old NetBSD advisory:
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2001-015.txt.asc
VERIFY ADVISORY:
http://secunia.com/advisories/13902/
Secunia Security Advisories
| 
Contribute :
Advanced Search :
Web Resources :
Polls :
File Repository
