Mac OS X Apple Installer Multiple Package Filename Format Strings

2007-01-26T04:11:42
ID OSVDB:32705
Type osvdb
Reporter LMH (lmh@info-pull.com)
Modified 2007-01-26T04:11:42

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the Installer application opens a .PKG file with a specially crafted filename, triggering a format string flaw. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1017940
Secunia Advisory ID: 24966
Other Advisory URL: http://projects.info-pull.com/moab/MOAB-26-01-2007.html
ISS X-Force ID: 31883
FrSIRT Advisory: ADV-2007-1470
CVE-2007-0465
Bugtraq ID: 22272