Mac OS X Apple Type Services (ATS) font File Handling Overflow

2006-11-14T07:04:00
ID OSVDB:30737
Type osvdb
Reporter OSVDB
Modified 2006-11-14T07:04:00

Description

Vulnerability Description

A local overflow exists in Mac OS X. The Apple Type Services (ATS) server fails to validate font files resulting in a stack buffer overflow. With a specially crafted font file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

A local overflow exists in Mac OS X. The Apple Type Services (ATS) server fails to validate font files resulting in a stack buffer overflow. With a specially crafted font file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1017301 Secunia Advisory ID:23155 Related OSVDB ID: 30729 Related OSVDB ID: 30732 Related OSVDB ID: 30736 Related OSVDB ID: 30726 Related OSVDB ID: 30727 Related OSVDB ID: 30735 Related OSVDB ID: 30738 Related OSVDB ID: 30728 Related OSVDB ID: 30731 Related OSVDB ID: 30733 Related OSVDB ID: 30734 Related OSVDB ID: 30739 Related OSVDB ID: 30730 News Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html FrSIRT Advisory: ADV-2006-4750 CVE-2006-4400 CERT VU: 835936 Bugtraq ID: 21335