Information Security


Multiple errors in disk image parsing in Mac OS X / Apple Finder
updated since January 11, 2007
Published: January 16, 2007
Source:
SecurityVulns ID: 7040
Type: local
Threat level: 6/10
Description: Buffer overflow on a long DMG volume label in Apple Finder. Integer overflows when parsing a UFS DMG volume. DoS via UFS and HFS+ volumes.
Affected products: APPLE : Mac OS X 10.4
 FREEBSD : FreeBSD 6.1
CVE:CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.)
 CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.)
 CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.)
 CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.)
 CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.)
Original text: MOAB, MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability (16.01.2007)
 MOAB, MOAB-12-01-2007: Apple DMG UFS ufs_lookup() Denial of Service Vulnerability (16.01.2007)
 MOAB, MOAB-11-01-2007: Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability (16.01.2007)
 MOAB, MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability (16.01.2007)
 Kevin Finisterre, DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' (11.01.2007)
Files: Exploits Apple DMG UFS ufs_lookup() Denial of Service Vulnerability
 Exploits Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
 Exploits Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability
 Exploits Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability
 Exploits Apple Finder DMG Volume Name Memory Corruption

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod