Security consulting firm, @Stake issued three security advisories for Apple’s Mac OS X operating system late last night. The advisories affect Mac OS X 10.2.8 and lower and do not appear to affect the company’s recently released Panther operating system. In fact, @Stake is recommending users upgrade to Panther as a fix for the problems.
The three advisories are Long argv[] Buffer Overflow; Systemic Insecure File Permissions; and Arbitrary File Overwrite via Core Files. @Stake lists the severity of the advisories as being “high.”
Long argv[] Buffer Overflow allows an attacker to crash Mac OS X and possibly execute commands as root. According to @Stake, “It is possible to cause the Mac OS X kernel to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program, which receives network input, spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.”
The Systemic Insecure File Permissions advisory says that many applications are installed onto Mac OS X systems with insecure file permissions. This is due to two distinct classes of problems, according to @Stake: 1. A security issue regarding DMG files managed by Mac OS X and 2. Insecure file permissions packaged by different vendors.
The result of this vulnerability is that files and directories are globally writeable and allows an attacker to replace binaries and obtain additional privileges.
The third advisory, listed by @Stake as Arbitrary File Overwrite via Core Files, allows attackers with interactive shell access to overwrite arbitrary files and read core files created by root owned processes. This may result in sensitive information like authentication credentials being compromised.
Apple representatives were not immediately available for comment.