Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable

Overview

A buffer overflow in Mac OS X Foundation Framework’s processing of environment variables may lead to elevated privileges.

Description

A vulnerability is present Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OSX Server. There is a flaw in the handling of environment variables that may lead to a buffer overflow condition. It is reported that this vulnerability is locally exploitable.

---

Impact

Explotation of this vulnerability may lead to the execution of arbitrary code with elevated privileges.

---

Solution

Apple has released Security Update 2005-005 to address this issue and several other security related issues.

---

Vendor Information

582934

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer Inc. __ Affected

Updated: May 16, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://docs.info.apple.com/article.html?artnum=301528&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23582934 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://secunia.com/advisories/15227/&gt;
• <http://docs.info.apple.com/article.html?artnum=301528&gt;
• <http://www.net-security.org/vulnerability.php?id=16077&gt;

Acknowledgements

Thanks to Apple Product Security for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs:	CVE-2005-1336
Severity Metric:	11.95 Date Public: