Mac OS X cd9660.util Privilege Escalation Vulnerability

Dec 15, 2003 6:48PM PST

Secunia Advisory: SA10440
Release Date: 2003-12-16
Critical: Less critical
Impact: Privilege escalation
Where: Local system
OS: Apple Macintosh OS X

Description:
Max has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to escalate their privileges.

The vulnerability is caused due to a boundary error in the utility "cd9660.util" when handling input to the probe for mounting ("-p") parameter. This can be exploited to cause a buffer overflow by supplying an overly long, specially crafted string as argument.

Successful exploitation may allow execution of arbitrary code with "root" privileges.

The vulnerability has been confirmed in Mac OS X 10.3.1. Other versions may also be affected.

Solution: Remove the suid bit.

Provided and/or discovered by: Max

http://www.secunia.com/advisories/10440/
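The workaround above ("Remove the suid bit") as an added shell example, not part of the advisory or of Apple's code. The function names are hypothetical, and because the page gives no path for cd9660.util, the file is passed as an argument.

```shell
#!/bin/sh
# Added example: audit and remove the set-user-ID bit, the advisory's workaround.
# Assumption: the caller supplies the real location of cd9660.util as $1.

# Succeeds if FILE is a regular file with the setuid bit (mode 4000) set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# List setuid regular files under DIR without crossing filesystem boundaries.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# Remove the setuid bit from FILE and confirm that it is gone.
# Returns 0 if the bit is clear afterwards, 1 if FILE is not a regular file,
# 2 if the bit could not be removed (for example, insufficient privileges).
strip_setuid() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    if ! has_setuid "$1"; then
        echo "setuid already clear: $1"
        return 0
    fi
    chmod u-s "$1" || return 2
    if has_setuid "$1"; then
        echo "setuid still set: $1" >&2
        return 2
    fi
    echo "setuid removed: $1"
}

# Usage (as root on the affected host): sh strip_setuid.sh /path/to/cd9660.util
if [ "$#" -gt 0 ]; then
    strip_setuid "$1"
fi
```

Running `list_setuid` on the directory that holds the utility before and after the change confirms that the file no longer appears among the setuid binaries.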