CVE-2005-2748

2005-10-2504:00:00

mitre

www.cve.org

cve-2005-2748

malloc function

arbitrary files

environment variable

setuid application

AI Score

Confidence

Low

EPSS

0.001

Percentile

24.0%

JSON

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.

References

lists.apple.com/archives/security-announce/2005/Sep/msg00002.html

secunia.com/advisories/16920/

www.auscert.org.au/5509

www.ciac.org/ciac/bulletins/p-312.shtml

www.suresec.org/advisories/adv7.pdf