{"vuid":"VU#878526","idnumber":"878526","name":"Apple Mac OS X \"cd9660.util\" buffer overflow","keywords":["Apple Mac OS X","cd9660.util","buffer overflow","crafted string","privilege escalation"],"overview":"A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system.","clean_desc":"Apple's Mac OS X operating system includes a program for mounting, probing, and unmounting ISO 9660 filesystems called cd9660.util (/System/Library/Filesystems/cd9660.fs/cd9660.util). A buffer overflow defect exists in the handling of the argument supplied to the '-p' option of this program. An overly long, specially crafted string supplied on the command-line may allow an attacker to execute code of their choosing on the system. The intruder-supplied code would be executed as the root user since the cd9660.util program is setuid to root by default.","impact":"A local attacker may be able to gain administrative (root) privileges on the vulnerable system.","resolution":"Apply a patch from the vendor. Apple Computer, Inc. has released patches for this vulnerability. Please see the Systems Affected section of this document for more details.","workarounds":"Remove the setuid permission from the cd9660.util program. This can be accomplished by executing the following command: chmod u-s /System/Library/Filesystems/cd9660.fs/cd9660.util as root. Users, particularly those that are not able to apply the patches, are encouraged to implement this workaround.","sysaffected":"","thanks":"The CERT/CC acknowledges \"Max\" for the initial public report of this vulnerability. 
Apple, in turn, credits KF of Secure Network Operations for discovery of this vulnerability.","author":"This document was written by Chad R Dougherty.","public":["http://www.secunia.com/advisories/10440/"],"cveids":["CVE-2003-1006"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-12-16T15:32:20Z","publicdate":"2003-12-15T00:00:00Z","datefirstpublished":"2004-03-15T19:19:45Z","dateupdated":"2004-03-15T19:19:55Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"8","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.695","cam_scorecurrentwidelyknown":"9.8325","cam_scorecurrentwidelyknownexploited":"18.3825","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.695,"vulnote":null}