Mac OS X Foundation Framework Environment Variable Overflow
Posted on 04 May 2005

Vulnerability Description

A local overflow exists in Mac OS X. The Foundation framework fails to validate an unspecified environment variable resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity. No further details have been provided.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products:

• Apple Computer, Inc. Mac OS X 10.3.6 Affected
• Apple Computer, Inc. Mac OS X 10.3.5 Affected
• Apple Computer, Inc. Mac OS X 10.3.4 Affected
• Apple Computer, Inc. Mac OS X 10.3 Affected
• Apple Computer, Inc. Mac OS X 10.3.1 Affected
• Apple Computer, Inc. Mac OS X 10.3.2 Affected
• Apple Computer, Inc. Mac OS X 10.3.3 Affected
• Apple Computer, Inc. Mac OS X 10.3.7 Affected
• Apple Computer, Inc. Mac OS X 10.3.8 Affected
• Apple Computer, Inc. Mac OS X 10.3.9 Affected

Vulnerability classification:

• Local vulnerability
• Input manipulation attack
• Impact on integrity
• Exploit unknown
• Verified

External references:

• Vendor URL: go there
• Secunia Advisory ID: 15227
• Vendor Specific Advisory URL: go there
• CVE ID: 2005-1336
• Bugtraq ID: 13480
• Security Tracker: 1013877

[ Vulnerabilities main page ]

The HNS Vulnerabilities section is powered by OSVDB