Heap overflow

2009-04-0217:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.082 Low

EPSS

Percentile

94.4%

JSON

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

CPENameOperatorVersion
mac_os_xeq10.4.3
mac_os_xeq10.2.5
mac_os_xeq10.5.2
mac_os_xeq10.2.7
mac_os_xeq10.0.2
mac_os_xeq10.2.8
mac_os_xeq10.2.1
mac_os_xeq10.4.8 macbook
mac_os_xeq10.3.1
mac_os_xeq10.3.5

Name	Operator	Version
mac_os_x	eq	10.4.3
mac_os_x	eq	10.2.5
mac_os_x	eq	10.5.2
mac_os_x	eq	10.2.7
mac_os_x	eq	10.0.2
mac_os_x	eq	10.2.8
mac_os_x	eq	10.2.1
mac_os_x	eq	10.4.8 macbook
mac_os_x	eq	10.3.1
mac_os_x	eq	10.3.5

Rows per page:

1-10 of 1141

References

secunia.com/advisories/34424

www.digit-labs.org/files/exploits/xnu-appletalk-zip.c

www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181

www.securityfocus.com/bid/34201

www.exploit-db.com/exploits/8262