Apple Mac OS X Directory Services contains a buffer overflow

Overview

A buffer overflow in Apple Mac OS X Directory Service’s authentication process may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Apple Mac OS X Server Directory Service provides reading, writing, and authentication services within the Apple Open Directory Architecture. A buffer overflow exists in the authentication process used by Apple Directory Service. A buffer within an unspecified routine used by the authentication process can be overwritten via a specially crafted authentication request.

For more information, please refer to Apple Security Update 2005-007.

---

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the Apple Directory Service’s authentication process.

---

Solution

Apple a patch
Apple advises all users to apply Apple Security Update 2005-007, as it fixes this and other critical security flaws.

---

Vendor Information

913820

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. Affected

Updated: August 17, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://secunia.com/advisories/16449/&gt;
• <http://docs.info.apple.com/article.html?artnum=302163&gt;

Acknowledgements

This vulnerability was reported in Apple Security Update 2005-007.

This document was written by Jeff Gennari.

Other Information

CVE IDs:	CVE-2005-2507
Severity Metric:	18.17 Date Public: