OSVDB ID: 40668

Title: Apple Mac OS X NSURL Component Mixed Case Request Local File System Restriction Bypass

Info

Disclosure

Nov 15, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 15, 2007

Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitary code. The issue is triggered when the NSURL API fails to validate URLs. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 10.4.11 or higher, as it has been reported to fix this vulnerability. In addition, Apple has released a patch for 10.3.9.

Products

Apple Computer, Inc.	Mac OS X	10.4.3
		10.4.4
		10.4.1
		10.3.9
		10.4.6
		10.4.8
		10.4.2
		10.4.10
		10.4.5
		10.4.7
		10.4.9
		10.4

References

Security Tracker: 1018950
CVE ID: 2007-4691 (see also: NVD)
Bugtraq ID: 26444
Secunia Advisory ID: 27643
ISS X-Force ID: 38478
Related OSVDB ID: 40661 40662 40663 40664 40665 40666 40667 40669 40670 40671 40672 40673 40674 40675 40676 40677 40678 40679 40680 40681 40682 40683 40684 40685 40686 40687 40688 40689 40690 40691 40693
VUPEN Advisory: ADV-2007-3868
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=307041
Mail List Post: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA07-319A.html
CERT: TA07-319A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/40668

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit