Overview
There is an integer overflow in the ffs_mountfs() function, which is used by Apple's OS X operating system to handle UFS disc images.
Description
Unix File System (UFS) is a file system used by Unix and other similar operating systems. Apple OS X supports UFS partitions and images. There is an integer overflow error in the ffs_mountfs() function that may occur when an OS X system opens a UFS disc image. To trigger the overflow, an attacker would need to convince a user to open a specially crafted disc image. Note that the Safari web browser's default settings consider UFS disc images to be a safe file type, and will automatically open them after downloading.
Impact
A remote, unauthenticated attacker with the ability to supply a specially crafted DMG file may be able to cause an affected system to crash, thereby creating a denial of service. The original reporter states that an attacker may also be able to execute arbitrary code using this vulnerability. However, this has not been confirmed.
Solution
Upgrade
References
- http://projects.info-pull.com/moab/MOAB-10-01-2007.html
- http://secunia.com/advisories/23703/
- http://applefun.blogspot.com/index.html
- http://en.wikipedia.org/wiki/Unix_File_System
- http://docs.info.apple.com/article.html?artnum=301191
- http://www.securityfocus.com/bid/21993
- http://docs.info.apple.com/article.html?artnum=305214
Acknowledgements
This issue was reported by LMH on the Month of Apple Bugs website.
This document was written by Ryan Giobbi.
Other Information
CVE IDs: CVE-2006-5679
Severity Metric: 1.14
Date Public: 2007-01-10
Date First Published: 2007-01-16
Date Last Updated: 2007-03-13 21:32 UTC
Document Revision: 21