PT-2006-2479 · Apple · Launchd+1
Kevin Finisterre
·
Published
2006-06-27
·
Updated
2018-10-18
·
CVE-2006-1471
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions 10.4 up to 10.4.6
Description
The issue is related to a format string vulnerability in the CF syslog function launchd. This vulnerability allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility. It can be exploited by using a crafted plist file.
Recommendations
For Apple Mac OS X versions 10.4 up to 10.4.6, update to a version later than 10.4.6 to resolve the issue.
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macos X
Launchd