PT-2006-2479 · Apple · Launchd+1
Kevin Finisterre
·
Publicado
2006-06-27
·
Atualizado
2018-10-18
·
CVE-2006-1471
CVSS v2.0
4.6
Média
| Vetor | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions 10.4 up to 10.4.6
Description
The issue is related to a format string vulnerability in the CF syslog function launchd. This vulnerability allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility. It can be exploited by using a crafted plist file.
Recommendations
For Apple Mac OS X versions 10.4 up to 10.4.6, update to a version later than 10.4.6 to resolve the issue.
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Macos X
Launchd