Info

Disclosure

Jul 14, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

An unspecified remote overflow exists in Mac OS X. The AFP server fails to validate requests from an authenticated user resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.3.x
		10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7

References

CVE ID: 2006-1473 (see also: NVD)
Secunia Advisory ID: 21253
Related OSVDB ID: 27730 27732 27733 27734 27735 27736 27737 27738 27739 27740 27741 27742 27743 27744 27745
CERT VU: 575372
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=304063

Credit

Dino Dai Zovi - Matasano Security

Direct URL: http://osvdb.org/27731

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit