Computer Security
[EN] securityvulns.ru



Apple Mac OS X Software Update / Apple Installer format string security vulnerability
Published: 29.01.2007
Source: MOAB
SecurityVulns ID: 7124
Type: client
Level: 6/10
Description: Format string vulnerability when parsing the filename of application/x-apple.sucatalog+xml files (.sucatalog and .swutmp). Format string vulnerability in the .pkg file name.
Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.)
 CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.)
Original document: MOAB, MOAB-26-01-2007: Apple Installer Package Filename Format String Vulnerability (29.01.2007)
 MOAB, MOAB-24-01-2007: Apple Software Update Catalog Filename Format String Vulnerability (29.01.2007)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


