Mac OS X rsync Extended Attribute Transfer Remote Overflow

2006-02-28T06:02:40
ID OSVDB:23648
Type osvdb
Reporter Jan-Derk Bakker()
Modified 2006-02-28T06:02:40

Description

Vulnerability Description

A remote overflow exists in Mac OS X. The rsync server fails to validate extended attributes resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.

Short Description

A remote overflow exists in Mac OS X. The rsync server fails to validate extended attributes resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:19064 Related OSVDB ID: 23637 Related OSVDB ID: 23639 Related OSVDB ID: 23646 Related OSVDB ID: 23636 Related OSVDB ID: 23640 Related OSVDB ID: 23641 Related OSVDB ID: 23642 Related OSVDB ID: 23643 Related OSVDB ID: 23649 Related OSVDB ID: 23638 Related OSVDB ID: 23644 Related OSVDB ID: 23645 Related OSVDB ID: 23647 News Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394 FrSIRT Advisory: ADV-2006-0791 CVE-2005-3712 Bugtraq ID: 16907