Computer Security
[EN] securityvulns.ru no-pyccku


Mac OS X / Apple Finder multiple file system parsing vulnerabilities
updated since 11.01.2007
Published:16.01.2007
Source:
SecurityVulns ID:7040
Type:local
Threat Level:
6/10
Description:Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes.
Affected:APPLE : Mac OS X 10.4
 FREEBSD : FreeBSD 6.1
CVE:CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.)
 CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.)
 CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.)
 CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.)
 CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.)
Original documentdocumentMOAB, MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability (16.01.2007)
 documentMOAB, MOAB-12-01-2007: Apple DMG UFS ufs_lookup() Denial of Service Vulnerability (16.01.2007)
 documentMOAB, MOAB-11-01-2007: Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability (16.01.2007)
 documentMOAB, MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability (16.01.2007)
 documentKevin Finisterre, DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' (11.01.2007)
Files:Exploits Apple Finder DMG Volume Name Memory Corruption
 Exploits Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
 Exploits Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability
 Exploits Apple DMG UFS ufs_lookup() Denial of Service Vulnerability
 Exploits Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod