Apple Terminal Integer Overflow in Window Resizing Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1022322 |
|
SecurityTracker URL: http://securitytracker.com/id/1022322
|
|
CVE Reference:
CVE-2009-1717
(Links to External Site)
|
Date: Jun 3 2009
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 10.5.7
|
Description:
A vulnerability was reported in Mac OS X in Apple Terminal. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML (referencing xterm) that, when loaded by the target user, will trigger an integer overflow in Apple Terminal and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
The vulnerability resides in the processing of 'CSI[4' xterm window resizing escape code.
The vendor was notified on May 6, 2009.
Rob King, TippingPoint DVLabs, reported this vulnerability.
The original advisory is available at:
http://dvlabs.tippingpoint.com/advisory/TPTI-09-04
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has reportedly issued a fix as part of Security Update 2009-002 / Mac OS X v10.5.7, described at:
http://support.apple.com/kb/HT3549
[Editor's note: The vendor's advisory does not reference this CVE number.]
|
Vendor URL: support.apple.com/kb/HT3549 (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 2 Jun 2009 22:56:54 -0400
Subject: Mac OS X
|
Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability
TPTI-09-04
CVE-2009-1717
http://dvlabs.tippingpoint.com/advisory/TPTI-09-04
|
|
