OSVDB ID: 30738

Title: Apple Mac OS X Apple Type Services (ATS) Crafted Service Request Multiple Overflow

Info

Disclosure

Nov 14, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple unspecified local overflows exist in Mac OS X. The Apple Type Services server fails to validate service requests resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7
		10.4.8

References

Security Tracker: 1017301
CVE ID: 2006-4398 (see also: NVD)
Bugtraq ID: 21335
Secunia Advisory ID: 23155
Related OSVDB ID: 30726 30727 30728 30729 30730 30731 30732 30733 30734 30735 30736 30737 30739
CERT VU: 800296
VUPEN Advisory: ADV-2006-4750
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=304829
News Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/30738

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit