Apple Mac OS X Software Update / Apple Installer format string security vulnerability

[EN] securityvulns.ru
no-pyccku

Apple Mac OS X Software Update / Apple Installer format string security vulnerability
Published: 29.01.2007
Source: MOAB
SecurityVulns ID: 7124
Type: client
Level: 6/10
Description: Format string vulnerability on parsing filename of application/x-apple.sucatalog+xml files (.sucatalog и .swutmp). Format string vulnerability in .pkg file name.

Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.)
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.)

Original document MOAB, MOAB-26-01-2007: Apple Installer Package Filename Format String Vulnerability (29.01.2007)

MOAB, MOAB-24-01-2007: Apple Software Update Catalog Filename Format String Vulnerability (29.01.2007)

Discuss: Read or add your comments to this news (0 comments)