SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Apple Xcode Vendors:  Apple Computer
Apple Xcode Bugs Let Local Users Gain System Privileges
SecurityTracker Alert ID:  1018872
SecurityTracker URL:  http://securitytracker.com/id?1018872
CVE Reference:  CVE-2006-2362 ,  CVE-2006-5327 ,  CVE-2006-5328   (Links to External Site)
Date:  Oct 30 2007
Impact:  Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, Root access via local system, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Apple Security Advisory
Description:  A vulnerability was reported in Apple Xcode. A local user can obtain system privileges on the target system. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Tektronix Hex Format (TekHex) file that, when loaded by the target user with the gdb 'restore' command, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2006-2362]. The code will run with the privileges of the target user.

The WebObjects package includes a version of OpenBase that contain search path and symlink vulnerabilities [CVE-2006-5327, CVE-2006-5328]. A local user can gain system privileges on the target system.

Jesus Olmos Gonzalez of Internet Security Auditors reported the gdb vulnerability. Kevin Finisterre of Netragard reported the OpenBase vulnerabilities.
Impact:  A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain system privileges on the target system.
Solution:  The vendor has issued a fixed version (Xcode 2.5 Developer Tools), available from from the Apple Developer web site at:

http://developer.apple.com/tools/download/

Th e download file is named: "xcode25_8m2558_developerdvd.dmg"
Its SHA-1 digest is: 30884704b0a4b098f02ccbb753958cd5331b8982
Vendor URL:  apple.com/ (Links to External Site)
Cause:  Access control error, Boundary error, State error
Underlying OS:  UNIX (OS X)
Reported By:  Apple Product Security <product-security-noreply@lists.apple.com>
Message History:   None.

 Source Message Contents
Date:  Tue, 30 Oct 2007 15:13:10 -0700
From:  Apple Product Security <product-security-noreply@lists.apple.com>
Subject:  APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools

Xcode 2.5 Developer Tools is now available and addresses the
following issues:

gdb
CVE-ID:  CVE-2006-2362
Available for:  Mac OS X v10.4.x, Mac OS X v10.5
Impact:  Processing a file with maliciously crafted TekHex content
may lead to an unexpected application termination or arbitrary code
execution
Description:  A buffer overflow exists in gdb's handling of files
with Tektronix Hex Format (TekHex) content. By enticing a user to run
gdb's "restore" command on a maliciously crafted TekHex file, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing
additional validation of TekHex records.

WebObjects
CVE-ID:  CVE-2006-5327, CVE-2006-5328
Available for:  Mac OS X v10.4.x, Mac OS X v10.5
Impact:  An uprivileged local user may be able to obtain system
privileges
Description:  The Xcode WebObjects package contains a demo version of
OpenBase for use with WebObjects example code. This demo version of
OpenBase may allow a local user to obtain system privileges. This
update addresses the issue by disabling the Apple-provided demo
version of OpenBase. Credit to Kevin Finisterre of Netragard for
reporting these issues.

Xcode 2.5 Developer Tools may be obtained from the Apple Developer
web site:
http://developer.apple.com/tools/download/
Login is required, and membership is free.

The download file is named:  "xcode25_8m2558_developerdvd.dmg"
Its SHA-1 digest is:  30884704b0a4b098f02ccbb753958cd5331b8982

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBRyer9cgAoqu4Rp5tAQgP6wf/dUDjYS9SYVa0nNM16LtUIi9eHEFSwxus
eRNxLoKRpOx9SZbOtoYiPlJOCubMdsV30fEU895c/TYqt6ZWc+9YKq/F7Jz7qdNN
GBLY6qC1h+tFwUr92hu7H8WZ9wZP1CaI5SO+KQd58HuMNq7L/ywRFfiFX3IVmmY7
zBU2jo/sOGKA/lbirnFRYbK0V9xT0ElPjVjbH79dJhmwM1QOqIe0SiEO2Edq3w3A
2qAasLDGkGpthtTKADgF9cNjVXf0i7si0pST/bkbrWipmoh4Ml2JDmy+sTnCijEt
IByh8HhjSd1t9EOL2OmMvKDhTcDfkA7ZwC8O8vwmFE+2Jkww4X8FzQ==
=AxY1
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC