
Buffer overflow in Mac OS X - 12/17/03

Dec 17, 2003 4:14AM PST

Madrid, December 17 2003 - Security Corporation has reported a vulnerability
affecting Mac OS X 10.3.1 which could allow local users to escalate
privileges.

This security problem stems from an error in the validation of parameters in
the "cd9660.util" utility. This situation could be exploited to cause a
buffer overflow, by entering a long value as a parameter.

If an attacker were to successfully exploit the vulnerability, they could
execute arbitrary code with root privileges. The recommended solution is to
eliminate the suid bit(*).

(*) Bit activated by adding 4000 to the octal representation of the file
permissions. When it is activated, it indicates that all those who run the
file will have, while it is run, privileges of the creator (e.g. root).
When a file has a buffer overflow vulnerability this configuration can give
maximum system privileges.

Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
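
The mitigation described in the post above (removing the suid bit), as an added example that is not part of the original post or of any vendor material: it lists files that carry the 4000 bit and clears the bit on one of them. The function names and the stand-in file `fake.util` are assumptions; the post does not give the utility's path, so the demo runs on a constructed file in a temporary directory.

```shell
#!/bin/sh
# Added example: audit for setuid files and clear the bit on a single file.

# Print regular files under directory $1 that have the setuid bit (octal 4000).
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Clear the setuid bit on file $1.
# Returns 0 if the bit is clear afterwards, 1 if chmod failed,
# 2 if the path is a symlink or not a regular file.
drop_suid() {
    target=$1
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "refusing: not a plain regular file: $target" >&2
        return 2
    fi
    if [ -u "$target" ]; then
        # u-s removes only the setuid bit; rwx and setgid bits are untouched.
        chmod u-s "$target" || return 1
    fi
    if [ -u "$target" ]; then
        return 1
    fi
    return 0
}

# Demo on a constructed stand-in file (not the real utility).
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/fake.util"
    chmod 4755 "$dir/fake.util"      # 4000 (setuid) + 755
    echo "before:"; list_suid "$dir"
    drop_suid "$dir/fake.util"
    echo "after (expect no entries):"; list_suid "$dir"
    rm -rf "$dir"
}

demo
```

Run `list_suid` over a system directory as root to review every setuid file, then `drop_suid` on the ones that do not need the bit; clearing it may stop unprivileged users from using the affected utility.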
