SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Apple iTunes Vendors:   Apple
iTunes Integer Overflow in Processing AAC Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016413
SecurityTracker URL:  http://securitytracker.com/id/1016413
CVE Reference:   CVE-2006-1467   (Links to External Site)
Date:  Jun 29 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.0.5
Description:   A vulnerability was reported in iTunes. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted AAC file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Apple credits ATmaCA and TippingPoint with reporting this vulnerability.

Impact:   A remote user can create an AAC file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fixed version (6.0.5), available at:

http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes6.0.5.dmg"
Its SHA-1 digest is: 668d53a8ca8126a852a470e4b9f7b13c0ecd3db3

For Windows 2000 or XP:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 0a82011b904e9fea33b1482deaea93094e008d96

Vendor URL:  docs.info.apple.com/article.html?artnum=303952 (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2006-06-29 iTunes 6.0.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2006-06-29 iTunes 6.0.5

iTunes 6.0.5 is now available and, in addition to its other content,
fixes the following security issue:

CVE-ID:  CVE-2006-1467
Available for:  Mac OS X v10.2.8 or later, Windows XP / 2000
Impact:  An integer overflow in iTunes could cause a denial of
service or lead to the execution of arbitrary code
Description:  The AAC file parsing code in iTunes versions prior
to 6.0.5 contains an integer overflow vulnerability. Parsing a
maliciously-crafted AAC file could cause iTunes to terminate or
potentially execute arbitrary code. iTunes 6.0.5 addresses this
issue by improving the validation checks used when loading AAC
files. Credit to ATmaCA working with TippingPoint and the Zero Day
Initiative for reporting this issue.

iTunes 6.0.5 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named:  "iTunes6.0.5.dmg"
Its SHA-1 digest is:  668d53a8ca8126a852a470e4b9f7b13c0ecd3db3

For Windows 2000 or XP:
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  0a82011b904e9fea33b1482deaea93094e008d96

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRKQn3omzP5/bU5rtAQiG8Qf+K+LYZD/PUTorONxQrCQyLUFNQhJlamQy
SL13vqin0o8ogAUQuleAxuwvBPKkopdPTNadkmuABMTXFD+uDv+CyDUE3Z+93rqf
d7cC6o1e/GPZIvxyhBkZNZ9R0KsXypxIJdWTGUYECpCtf1GoVtPHut1GTqbqr1h1
qKnjzMhEqtLAlc+kjbPEhB3plEI4ga0YjhYQBLHtpAfVYIvhfJJkhZpynfsMwzpj
QXYdUAMlglwjAKNk/JkNJ9TsG4xRGxKuL3WGPxzzOgb5sAcex+/yn0njrWMHLVbx
tauOneVnh9CLRTDeYEohk+H/LhUSspnvR7c/bKt2zIC/+RMHjx091w==
=ibCr
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC