SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple Terminal Integer Overflow in Window Resizing Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022322
SecurityTracker URL:  http://securitytracker.com/id/1022322
CVE Reference:   CVE-2009-1717   (Links to External Site)
Date:  Jun 3 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.5.7
Description:   A vulnerability was reported in Mac OS X in Apple Terminal. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML (referencing xterm) that, when loaded by the target user, will trigger an integer overflow in Apple Terminal and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

The vulnerability resides in the processing of 'CSI[4' xterm window resizing escape code.

The vendor was notified on May 6, 2009.

Rob King, TippingPoint DVLabs, reported this vulnerability.

The original advisory is available at:

http://dvlabs.tippingpoint.com/advisory/TPTI-09-04

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has reportedly issued a fix as part of Security Update 2009-002 / Mac OS X v10.5.7, described at:

http://support.apple.com/kb/HT3549

[Editor's note: The vendor's advisory does not reference this CVE number.]

Vendor URL:  support.apple.com/kb/HT3549 (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC