ISS X-Force Database: macosx-launchd-format-string(27479): Apple Mac OS X launchd format string

Apple Mac OS X launchd format string

macosx-launchd-format-string (27479)

High Risk

Description:

Apple Mac OS X and Mac OS X Server could allow a local attacker to execute arbitrary commands on the system with elevated privileges, caused by a format string vulnerability in the launchd logging function. A local authenticated user could exploit this vulnerability by passing specially-crafted format specifiers to the CF_syslog() function using a malicious plist file, allowing the attacker to execute arbitrary commands on the system with elevated privileges.

Consequences:

Gain Privileges

Remedy:

Apply the Mac OS X 10.4.7 Update, available from the Apple Web site. See References.

References:

Apple Security-Announce Mailing List, Tue, 27 Jun 2006 13:16:56 -0700: APPLE-SA-2006-06-27 Mac OS X v10.4.7.
Digital Munition Advisory DMA[2006-0628a]: Apple OSX launchd unformatted syslog() vulnerability.
Mac OS X 10.4.7 Update : About the security content of the Mac OS X 10.4.7 Update.
BID-18686: Retired: Apple Mac OS X Multiple Security Vulnerabilities
BID-18724: Apple Mac OS X LaunchD Local Format String Vulnerability
CVE-2006-1471: Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.
OSVDB ID: 26933: Mac OS X CF_syslog Function Format String
SA20877: Mac OS X Update Fixes Multiple Vulnerabilities
SECTRACK ID: 1016397: Apple Mac OS X Format String Bug in launchd Lets Local Users Gain Elevated Privileges
VUPEN/ADV-2006-2566: Apple Mac OS X Multiple Command Execution and Privilege Escalation Vulnerabilities

Platforms Affected:

Apple Mac OS X 10.4
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.6
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.6

Reported:

Jun 27, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page