Overview
Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code.
Description
NeST is the NetInfo Setup Tool for Apple Mac OS X Server. There is a buffer overflow vulnerability in the way NeST performs bounds checking on command line arguments. By supplying the -target command line parameter with an overly long string of characters, a local user could execute arbitrary code on the system with privileges of the NeST process. Please note that NeST executes with root privileges. |
Impact
A local user could execute arbitrary code with privileges of the NeST process, possibly root. |
Solution
Apply Update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by iDEFENSE Labs who acknowledges Nico for providing information concerning this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2005-0594 |
| Severity Metric: | 10.69 |
| Date Public: | 2005-05-03 |
| Date First Published: | 2005-05-16 |
| Date Last Updated: | 2005-05-17 16:00 UTC |
| Document Revision: | 24 |