OSVDB ID: 40669

Title: Apple Mac OS X NFS Component Crafted AUTH_UNIX RPC Packet Remote Code Execution

Info

Disclosure

Nov 15, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 15, 2007

Description

A double-free issue exists in Mac OS X. NFS fails to AUTH_UNIX RPC packets resulting in the freeing of memory which had previously been freed. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 10.4.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.	Mac OS X	10.4.3
		10.4.4
		10.4.1
		10.4.6
		10.4.8
		10.4.2
		10.4.10
		10.4.5
		10.4.7
		10.4.9
		10.4

References

CVE ID: 2007-4690 (see also: NVD)
Secunia Advisory ID: 27643
Related OSVDB ID: 40661 40662 40663 40664 40665 40666 40667 40668 40670 40671 40672 40673 40674 40675 40676 40677 40678 40679 40680 40681 40682 40683 40684 40685 40686 40687 40688 40689 40690 40691 40693
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=307041

Credit

Alan Newson - NGSSoftware
Renaud Deraison - Tenable Network Security, Inc.

Direct URL: http://osvdb.org/40669

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit