Wednesday, August 2, 2006

Apple OSX Fetchmail Buffer Overflow

KF is at it again, reminding the public that security isn't just about which operating system you use...




DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'

Author: Kevin Finisterre

Vendor:
http://www.apple.com/

Product: 'Mac OSX <=10.4.7'


References:
http://www.digitalmunition.com/DMA[2006-0801a].txt
http://www.digitalmunition.com/getpwnedmail-x86.pl
http://www.digitalmunition.com/getpwnedmail-ppc.pl
http://www.freebsd.org/cgi/query-pr.cgi?pr=83805
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
http://www.securityfocus.com/bid/14349

Description:
fetchmail-SA-2005-01 states that 'In fetchmail-6.2.5 and older, very long UIDs can cause fetchmail to crash, or potentially make it execute code placed on the stack. In some configurations, fetchmail is run by the root user to download mail for multiple accounts.' The authors of fetchmail made patches for these issues available to the public on 2005-07-21.

In defiance of a 'very proactive approach to security', Apple's OSX remained unpatched for approximately one year after the vendor-supplied patches were made available. Shortly after the vendor disclosure of this bug, exploits were made available by The Mantis Project (bannedit (at) frontiernet (dot) net). Coincidentally, a recent paper was written about exploiting buffer overflows and this vulnerability was used as an example:
http://packetstormsecurity.org/papers/attack/payload-rewrite_exploit.txt

See the released exploit information here.





Yet another example of how OS X users can be vulnerable to attack because Apple doesn't patch its own use of open source software. It isn't the first time and I bet it won't be the last.
