Mac OS X BOMArchiveHelper Traversal Arbitrary File Overwrite

2006-02-28T06:02:40
ID OSVDB:23641
Type osvdb
Reporter iDefense
Modified 2006-02-28T06:02:40

Description

Vulnerability Description

Mac OS X contains a flaw that allows an attacker to create archive files that unpack into arbitrary directories writable by the current user. The issue is due to the BOM framework not properly sanitizing the paths to be written.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 19064
Related OSVDB ID: 23637, 23639, 23646, 23636, 23640, 23642, 23643, 23648, 23649, 23638, 23644, 23645, 23647
Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=399
News Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0789.html
CVE-2006-0391