Mac OS X Xsan Filesystem Path Name Processing Overflow

2006-08-14T07:49:05
ID OSVDB:27994
Type osvdb
Reporter Andrew Wellington
Modified 2006-08-14T07:49:05

Description

Vulnerability Description

A local overflow exists in Mac OS X. The included Xsan filesystem driver fails to validate path names, resulting in a buffer overflow. With a specially crafted path name, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to Xsan filesystem driver version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1016711
Secunia Advisory ID: 21551
FrSIRT Advisory: ADV-2006-3315
CVE-2006-3506
Bugtraq ID: 19579