Mac OS X LibSystem Memory Request Overflow

2006-02-28T06:02:40
ID OSVDB:23644
Type osvdb
Reporter Neil Archibald()
Modified 2006-02-28T06:02:40

Description

Vulnerability Description

A local overflow exists in Mac OS X. LibSystem fails to validate requests for large amounts of memory resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.

Short Description

A local overflow exists in Mac OS X. LibSystem fails to validate requests for large amounts of memory resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:19064 Related OSVDB ID: 23637 Related OSVDB ID: 23639 Related OSVDB ID: 23646 Related OSVDB ID: 23636 Related OSVDB ID: 23640 Related OSVDB ID: 23641 Related OSVDB ID: 23642 Related OSVDB ID: 23643 Related OSVDB ID: 23648 Related OSVDB ID: 23649 Related OSVDB ID: 23638 Related OSVDB ID: 23645 Related OSVDB ID: 23647 News Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394 ISS X-Force ID: 25026 FrSIRT Advisory: ADV-2006-0791 CVE-2005-3706 Bugtraq ID: 16907