Mac OS X Xcode Tools WebObjects Plugin Project Manipulation

2006-05-19T05:04:10
ID OSVDB:25889
Type osvdb
Reporter Mike Schrag()
Modified 2006-05-19T05:04:10

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to remotely access objects within a WebObjects project through the WebObjects plugin. The issue is triggered when the included version of Xcode Tools is used, which runs as a network service and allows outside network access. It is possible that the flaw may allow remote access to WebObjects projects resulting in a loss of integrity.

Solution Description

Upgrade to version 2.3 of Xcode Tools or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mac OS X contains a flaw that may allow a malicious user to remotely access objects within a WebObjects project through the WebObjects plugin. The issue is triggered when the included version of Xcode Tools is used, which runs as a network service and allows outside network access. It is possible that the flaw may allow remote access to WebObjects projects resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1016143 Secunia Advisory ID:20267 ISS X-Force ID: 26634 FrSIRT Advisory: ADV-2006-1950 CVE-2006-1466 Bugtraq ID: 18091