There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
access audio avg avg 8 bios blue screen boot bsod computer connection cpu crash css dell desktop dma driver drivers dvd email error excel explorer firefox firefox 3 freeze gimp graphics hard drive hardware hijackthis hjt install internet internet explorer itunes keyboard laptop macro malware monitor motherboard network networking outlook outlook 2003 outlook 2007 outlook express pio problem problems router seo server slow sound sp3 spyware trojan usb video virtumonde virus vista vundo windows windows vista windows xp winxp wireless
Apple Macintosh
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Operating Systems > Apple Macintosh >
Mac OS X searchfs integer overflow


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

 
Thread Tools
eddie5659's Avatar
Computer Specs
Moderator with 18,344 posts.
  
Join Date: Mar 2001
Location: Bradford, England
21-Jan-2005, 06:44 PM #1
Exclamation Mac OS X searchfs integer overflow
Mac OS X version 10.3.4 and possibly other versions are vulnerable to an integer overflow in the searchfs function, caused by improper handling of the sizeofsearchparams1 and sizeofsearchparams2 variables in a fssearchblock structure. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with elevated privileges.


Platforms Affected:

Apple Computer, Inc.: Mac OS 10.3.4

http://xforce.iss.net/xforce/xfdb/18980

Regards

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream
MSM Hobbes's Avatar
Computer Specs
Distinguished Member with 6,724 posts.
  
Join Date: Apr 2004
Location: Frozen Tundra, IN - Ozarks, MO
Experience: Fuzzy & Furry
21-Jan-2005, 08:16 PM #2
Thanks for posting this! Why no word from Apple or other sources?

Also, found this too [maybe be good to have a thread just for alerts, etc.?]:

I realize that this is older, but seems similar to me?

http://www.securitytracker.com/alert...p/1011174.html
Mac OS X CoreFoundation Buffer Overflow and Library Loading Bugs Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1011174
SecurityTracker URL: http://securitytracker.com/id?1011174
CVE Reference: CAN-2004-0821 , CAN-2004-0822 (Links to External Site)
Date: Sep 7 2004
Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.2.8, 10.3.4, 10.3.5
Description: Two vulnerabilities were reported in Apple Mac OS X in CoreFoundation. A local user can execute arbitrary code.

Apple reported that a local user can cause an application using CoreFoundation CFPlugIn facilities to load an arbitrary user-supplied library [CVE: CAN-2004-0821] with the privileges of the application. A local user can gain elevated privileges.

The vendor credits Kikuchi Masashi with reporting this flaw.

It is also reported that a local user can modify a certain environment variable to trigger a buffer overflow in CoreFoundation [CVE: CAN-2004-0822] and execute arbitrary code with elevated privileges.

The vendor credits aaron@vtty.com with reporting this flaw.
Impact: A local user can cause arbitrary code to be executed with elevated privileges.
Solution: The vendor has released a fix as part of Security Update 2004-09-07, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/
__________________
Mark Twain: "Twenty years from now you will be more disappointed by the things you didn't do than by the ones you did. So throw off the bowlines, Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream."

“I like nonsense, it wakes up the brain cells. Fantasy is a necessary ingredient in living, it’s a way of looking at life through the wrong end of a telescope. Which is what I do, and that enables you to laugh at life’s realities.” - Dr. Suess
eddie5659's Avatar
Computer Specs
Moderator with 18,344 posts.
  
Join Date: Mar 2001
Location: Bradford, England
24-Jan-2005, 04:30 PM #3
I've seen a few reports on Mac's, but up till now, we never had a forum. I'll keep you updated on any that I find.

As for no notice from Apple, the one above has no remedy as of yet, so they may/may not know about it. The vendor (Apple, in this case), is usually contacted, but its up to them to issue patches, etc.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream
Reply

« Previous Thread | Apple Macintosh | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are Off
Refbacks are Off

Related Sites: Support.com | Tech Gift Ideas | Mobile TechGuy | Advertise on TSG
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 12:41 PM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Powered by Cermak Technologies, Inc.