ISS X-Force Database: macosx-networking-ioctl-bo(38475): Apple Mac OS X Networking component IOCTL AppleTalk buffer overflow

Apple Mac OS X Networking component IOCTL AppleTalk buffer overflow

macosx-networking-ioctl-bo (38475)

High Risk

Description:

The Apple Mac OS X Networking component is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of IOCTL requests when adding new AppleTalk zones to the routing table. By sending a specially-crafted IOCTL request, a local attacker could overflow a buffer and execute arbitrary code on the system with kernel level privileges or cause the system to crash.

Note: In order to exploit this vulnerability, AppleTalk must be enabled and configured in routing mode. This is not the default configuration.

Platforms Affected:

Apple, Mac OS X 10.4
Apple, Mac OS X 10.4.1
Apple, Mac OS X 10.4.10
Apple, Mac OS X 10.4.2
Apple, Mac OS X 10.4.3
Apple, Mac OS X 10.4.4
Apple, Mac OS X 10.4.5
Apple, Mac OS X 10.4.6
Apple, Mac OS X 10.4.7
Apple, Mac OS X 10.4.8
Apple, Mac OS X 10.4.9
Apple, Mac OS X Server 10.4
Apple, Mac OS X Server 10.4.1
Apple, Mac OS X Server 10.4.10
Apple, Mac OS X Server 10.4.2
Apple, Mac OS X Server 10.4.3
Apple, Mac OS X Server 10.4.4
Apple, Mac OS X Server 10.4.5
Apple, Mac OS X Server 10.4.6
Apple, Mac OS X Server 10.4.7
Apple, Mac OS X Server 10.4.8
Apple, Mac OS X Server 10.4.9

Remedy:

Apply Apple Security Update 2007-008 or upgrade to the latest version of Mac OS X (10.4.11 or later), available from the Apple Web site. See References.

Consequences:

Gain Privileges

References:

Apple Web site, About the security content of Mac OS X 10.4.11 and Security Update 2007-008 at http://docs.info.apple.com/article.html?artnum=307041.
iDefense Labs PUBLIC ADVISORY: 11.14.07, Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=627.
BID-26444: Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities
CVE-2007-4267: Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.
SA27643: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECTRACK ID: 1018950: Mac OS X Kernel and Networking Bugs Let Remote and Local Users Deny Service or Execute Arbitrary Code
VUPEN/ADV-2007-3868: Apple Mac OS X Command Execution and Denial of Service Vulnerabilities

Reported:

Nov 14, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page