search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Apple Mac OS X "cd9660.util" buffer overflow

Vulnerability Note VU#878526

Original Release Date: 2004-03-15 | Last Revised: 2004-03-15

Overview

A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system.

Description

Apple's Mac OS X operating system includes a program for mounting, probing, and unmounting ISO 9660 filesystems called cd9660.util (/System/Library/Filesystems/cd9660.fs/cd9660.util). A buffer overflow defect exists in the handling of the argument supplied to the '-p' option of this program. An overly long, specially crafted string supplied on the command-line may allow an attacker to execute code of their choosing on the system. The intruder-supplied code would be executed as the root user since the cd9660.util program is setuid to root by default.

Impact

A local attacker may be able to gain administrative (root) privileges on the vulnerable system.

Solution

Apply a patch from the vendor

Apple Computer, Inc. has released patches for this vulnerability. Please see the Systems Affected section of this document for more details.

Workarounds


Remove the setuid permission from the cd9660.util program. This can be accomplished by executing the following command:

chmod u-s /System/Library/Filesystems/cd9660.fs/cd9660.util

as root. Users, particularly those that are not able to apply the patches, are encouraged to implement this workaround.

Vendor Information

878526
 
Expand all

Apple Computer Inc. Affected

Updated:  March 15, 2004

Status

Affected

Vendor Statement

The following is Apple's response for the Jaguar (Mac OS X 10.2.x) product:

APPLE-SA-2003-12-19_Jaguar.asc

The following is Apple's response for the Panther (Mac OS X 10.3.x) product:

APPLE-SA-2003-12-19_Panther.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

http://www.secunia.com/advisories/10440/

Acknowledgements

The CERT/CC acknowledges "Max" for the initial public report of this vulnerability. Apple, in turn, credits KF of Secure Network Operations for discovery of this vulnerability.

This document was written by Chad R Dougherty.

Other Information

CVE IDs: CVE-2003-1006
Severity Metric: 7.70
Date Public: 2003-12-15
Date First Published: 2004-03-15
Date Last Updated: 2004-03-15 19:19 UTC
Document Revision: 12

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis