Mac OS X Alias Manager Duplicate File Name Display Weakness

2007-05-25T11:33:50
ID OSVDB:35147
Type osvdb
Reporter Greg Bolsinga()
Modified 2007-05-25T11:33:50

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when identical disk images contain files with identical names, and only one name appears. It is possible that the flaw may allow arbitrary code execution by misleading a user about the nature of a file resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when identical disk images contain files with identical names, and only one name appears. It is possible that the flaw may allow arbitrary code execution by misleading a user about the nature of a file resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1018121 Secunia Advisory ID:25402 Related OSVDB ID: 35141 Related OSVDB ID: 35143 Related OSVDB ID: 35145 Related OSVDB ID: 35142 Related OSVDB ID: 35146 Related OSVDB ID: 35144 Mail List Post: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html ISS X-Force ID: 34498 FrSIRT Advisory: ADV-2007-1939 CVE-2007-0740 Bugtraq ID: 24144