Mac OS X searchfs() System Call Kernel Overflow

2005-01-18T23:44:09
ID OSVDB:13102
Type osvdb
Reporter Dave Aitel (dave@immunitysec.com)
Modified 2005-01-18T23:44:09

Description

Vulnerability Description

A local overflow exists in Mac OS X. The searchfs() function fails to validate the user-supplied values of searchblock.sizeofsearchparams1 and searchblock.sizeofsearchparams2, resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
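The validation the description says was missing can be illustrated in C. This is an added example, not Apple's kernel code or anything from the original advisory: the struct layout, the 32-bit field width, the size cap, the fixed header size and the assumption that the two sizes are summed to size one buffer are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the two user-controlled size fields named in the
 * advisory; this is not Apple's struct definition. */
struct search_sizes {
    uint32_t sizeofsearchparams1;
    uint32_t sizeofsearchparams2;
};

#define MAX_PARAMS_BYTES   (64u * 1024u) /* assumed cap per parameter buffer */
#define FIXED_HEADER_BYTES 64u           /* assumed fixed bookkeeping bytes */

/* Unchecked pattern: 32-bit addition wraps modulo 2^32, so two large inputs
 * can yield a small total that later copies will exceed. */
static uint32_t total_unchecked(const struct search_sizes *s)
{
    return s->sizeofsearchparams1 + s->sizeofsearchparams2 + FIXED_HEADER_BYTES;
}

/* Checked pattern: bound each field before any arithmetic. Once both are at
 * most MAX_PARAMS_BYTES the sum cannot wrap.
 * Returns 0 and writes *out on success, -1 if the request must be rejected. */
static int total_checked(const struct search_sizes *s, size_t *out)
{
    if (s->sizeofsearchparams1 > MAX_PARAMS_BYTES ||
        s->sizeofsearchparams2 > MAX_PARAMS_BYTES)
        return -1;
    *out = (size_t)s->sizeofsearchparams1 +
           (size_t)s->sizeofsearchparams2 + FIXED_HEADER_BYTES;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one ordinary request, one whose sum wraps. */
    struct search_sizes ok  = { 128u, 256u };
    struct search_sizes bad = { 0xFFFFFFF0u, 0x20u };
    size_t n = 0;

    printf("ok:  unchecked=%u checked=%d\n",
           (unsigned)total_unchecked(&ok), total_checked(&ok, &n));
    printf("bad: unchecked=%u checked=%d\n",
           (unsigned)total_unchecked(&bad), total_checked(&bad, &n));
    return 0;
}
```

For the constructed wrapping input the unchecked sum comes out as 80 bytes, while the checked version rejects the request before any allocation size is computed.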

Solution Description

Upgrade to version 10.3.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.apple.com/
Vendor Specific Solution URL: http://docs.info.apple.com/article.html?artnum=301327
Vendor Specific Advisory URL
Secunia Advisory ID: 14974
Secunia Advisory ID: 13902
Other Advisory URL: http://www.immunitysec.com/downloads/nukido.pdf
ISS X-Force ID: 18980
CVE-2005-0972
CERT VU: 185702
Bugtraq ID: 12295