Info

Disclosure

May 25, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when identical disk images contain files with identical names, and only one name appears. It is possible that the flaw may allow arbitrary code execution by misleading a user about the nature of a file resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.3.x
		10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7
		10.4.8
		10.4.9

References

Security Tracker: 1018121
CVE ID: 2007-0740 (see also: NVD)
Bugtraq ID: 24144
Secunia Advisory ID: 25402
ISS X-Force ID: 34498
Related OSVDB ID: 35141 35142 35143 35144 35145 35146
VUPEN Advisory: ADV-2007-1939
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=305530
Mail List Post: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

Credit

Greg Bolsinga -

Direct URL: http://osvdb.org/35147

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit