PT-2005-3630 · Apple · Libsystem+1

Ilja Van Sprundel · Published 2005-10-25 · Updated 2008-09-05 · CVE-2005-2748

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

libSystem library in Apple Mac OS X versions 10.3.9 through 10.4.2

Description

The issue allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. This is due to a problem in the malloc function within the libSystem library.

Recommendations

For Mac OS X versions 10.3.9 through 10.4.2, consider restricting the use of setuid applications or avoid setting the MallocLogFile environment variable to sensitive files until a fix is available. As a temporary workaround, restrict access to sensitive files that could be overwritten by exploiting this issue.
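
The defensive pattern behind this class of issue, as an added example that is not Apple's fix and not code from this advisory: a process running with elevated ids discards allocator debugging variables from its inherited environment before any code can act on them. The function names and the `Malloc` prefix match are assumptions of the example; the advisory names only `MallocLogFile`.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Real and effective ids differ when the binary is setuid/setgid; the
 * environment then comes from a less-privileged caller. */
int runs_with_elevated_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* In a privileged process, unset every variable whose name starts with
 * `prefix` and return how many were removed. "Malloc" as the prefix is an
 * assumption of this example; the advisory names only MallocLogFile. */
int harden_env(int privileged, const char *prefix)
{
    size_t plen = strlen(prefix);
    int removed = 0;
    if (!privileged || plen == 0)
        return 0;
    for (char **e = environ; e != NULL && *e != NULL; ) {
        const char *eq = strchr(*e, '=');
        if (eq == NULL || strncmp(*e, prefix, plen) != 0) {
            e++;
            continue;
        }
        char *name = strndup(*e, (size_t)(eq - *e));
        if (name == NULL)
            abort();            /* fail closed rather than keep the variable */
        unsetenv(name);         /* may compact environ, so rescan from the top */
        free(name);
        removed++;
        e = environ;
    }
    return removed;
}

int main(void)
{
    /* Constructed sample value standing in for a hostile caller's environment. */
    setenv("MallocLogFile", "/tmp/constructed-target", 1);
    int n = harden_env(runs_with_elevated_ids(), "Malloc");
    printf("removed %d; MallocLogFile %s\n", n, getenv("MallocLogFile") ? "still set" : "unset");
    return 0;
}
```

Run from an ordinary shell the program reports the variable as still set, because real and effective ids match; the scrub only takes effect when the ids differ.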

Fix


Related Identifiers

CVE-2005-2748

Affected Products

Mac OS X
libSystem