Mac OS X Mail.app Attachment AppleDouble Header Processing Buffer Overflow

2006-03-10T17:47:38
ID OSVDB:23872
Type osvdb
Reporter Kevin Finisterre(kf@digitalmunition.com)
Modified 2006-03-10T17:47:38

Description

Vulnerability Description

A remote overflow exists in Mac OS X Mail.app. The Mail.app facility fails to handle overly long Real Name entries resulting in a buffer overflow. With a specially crafted attachment in the AppleDouble format, an attacker can cause the execution of arbitrary code on a user's system resulting in a loss of integrity and/or availability.

Technical Description

This issue is present in Apple Mail.app when 'Security Update 2006-001' is applied.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Mac OS X Mail.app. The Mail.app facility fails to handle overly long Real Name entries resulting in a buffer overflow. With a specially crafted attachment in the AppleDouble format, an attacker can cause the execution of arbitrary code on a user's system resulting in a loss of integrity and/or availability.

References:

Vendor Specific Advisory URL Security Tracker: 1015762 Secunia Advisory ID:19129 Related OSVDB ID: 23871 Related OSVDB ID: 23870 Related OSVDB ID: 23869 Related OSVDB ID: 23873 Other Advisory URL: http://www.digitalmunition.com/DMA[2006-0313a].txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0739.html Keyword: Security Update 2006-002 Generic Informational URL: http://rfc.net/rfc1740.html Generic Exploit URL: http://www.digitalmunition.com/SuperTastey.pl FrSIRT Advisory: ADV-2006-0949 CVE-2006-0396 Bugtraq ID: 17081