Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5689
HistoryJan 30, 2004 - 12:00 a.m.

MacOS X TruBlueEnvironment Buffer Overflow

2004-01-3000:00:00
vulners.com
16

0.007 Low

EPSS

Percentile

80.4%

JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                            @stake, Inc.
                          www.atstake.com

                        Security Advisory

Advisory Name: TruBlueEnvironment Buffer Overflow
Release Date: 01/27/2004
Application: TruBlueEnvironment
Platform: Mac OS X 10.3.x and 10.2.x
Severity: A user with an account on the system can become root
Author: Dave G. <[email protected]>
Vendor Status: Notified, Patch Issued
CVE Candidate: CAN-2004-0089 TruBlueEnvironment Buffer Overflow
Reference: www.atstake.com/research/advisories/2004/a012704-1.txt

Overview:

TruBlueEnvironment is part of the MacOS Classic Emulator. It is
setuid root and installed by default. There is a buffer overflow
vulnerability that allows a user with interactive access to escalate
privileges to root.

Details:

TruBlueEnvironment takes the value of an environment variable and
copies it into a buffer without performing any bounds checking. Since
this buffer is stored on the stack, it is possible to overwrite the
return stack frame and execute arbitrary code as root.

Vendor Response:

This is fixed in Security Update 2004-01-26. Further information
about this update is available via:

http://docs.info.apple.com/article.html?artnum=61798

Recommendation:

Restrict access to the TruBlueEnvironment(*) executable, or remove
it entirely if it is not being used. One approach to restricting
access would be to remove global execute permissions from the
TruBlueEnvironment executable, and only allow a specific group to
execute the application. The following commands will restrict access
to the 'admin' group:

sudo chown .admin
/System/Library/CoreServices/Classic\
Startup.app/Contents/Resources/TruBlueEnvironment

sudo chmod 4750
/System/Library/CoreServices/Classic\
Startup.app/Contents/Resources/TruBlueEnvironment

(*) Located in
/System/Library/CoreServices/Classic\
Startup.app/Contents/Resources/TruBlueEnvironment

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CAN-2004-0089 TruBlueEnvironment Buffer Overflow

@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2004 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com

iQA/AwUBQBh7qke9kNIfAm4yEQL2dQCeMd/Dje0rfRwenO9eKdVVqw5hbTsAniz3
bVqnpAekJOKpfwL2+fFdQsAp
=Be1Y
-----END PGP SIGNATURE-----

Related

cert 1
cve 1
cvelist 1
nvd 1
nessus 1
cert
cert
Apple Mac OS X TruBlueEnvironment vulnerable to buffer overflow
2004-03-08 00:00:00
cve
cve
CVE-2004-0089
2004-09-01 04:00:00
cvelist
cvelist
CVE-2004-0089
2004-09-01 04:00:00
nvd
nvd
CVE-2004-0089
2004-03-03 05:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2004-01-26)
2004-07-06 00:00:00

0.007 Low

EPSS

Percentile

80.4%

JSON
Related for SECURITYVULNS:DOC:5689
cert1cve1cvelist1nvd1nessus1