Mac OS X FTP Server Path Name Overflow

2006-05-12T07:02:39
ID OSVDB:25589
Type osvdb
Reporter OSVDB
Modified 2006-05-12T07:02:39

Description

Vulnerability Description

A remote overflow exists in Mac OS X. The FTP server fails to handle several unspecified boundary conditions, resulting in a buffer overflow. With a specially crafted request, an authenticated user can cause arbitrary code execution with the privileges of the FTP server, resulting in a loss of integrity.

Technical Description

An attacker must supply valid authentication credentials in order to exploit this vulnerability.

Solution Description

Install Apple Security Update 2006-003, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1016084
Secunia Advisory ID: 20077
Related OSVDB ID: 25590
Related OSVDB ID: 25592
Related OSVDB ID: 25593
Related OSVDB ID: 25583
Related OSVDB ID: 25585
Related OSVDB ID: 25598
Related OSVDB ID: 25600
Related OSVDB ID: 25586
Related OSVDB ID: 25588
Related OSVDB ID: 25591
Related OSVDB ID: 25595
Related OSVDB ID: 25597
Related OSVDB ID: 25584
Related OSVDB ID: 25594
Related OSVDB ID: 25599
ISS X-Force ID: 26411
FrSIRT Advisory: ADV-2006-1779
CVE-2006-1445
CERT: TA06-132A
Bugtraq ID: 17951