nireport / Mac OS X 10.4.7 (Darwin 8.7)

Meta: December 28th 2006 // Advisories

Application: Nireport / Darwin 8.7
Vendors: http://www.opensolaris.org
Date: 28th Dec 2006

Nireport Buffer overflow

nireport prints a tab-separated report of selected values in all subdirectories of a given directory in a NetInfo domain. usage: nireport domain directory property …

Explanation

There is a buffer overflow vulnerability in nineport at line 178
CODE : char myname[128]; …… if (slash == NULL) strcpy(myname, argv[0]);
BUG : if argv[0] larger than 128 chars a BOF condidition will occure

/usr/sbin/nireport runs as the user executing it and is not granted any additional privileges by default.

This issue can be rated as low. Apple security team marked this as “Other Bug” so I’ll do the same.

Note that if the wrong permissions are set this issue might assist in privilege escalation.

*Demonstration bug for Bugle

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Postscript: Leave A Comment // Subscribe (RSS Feed)

The Next Post: Fssdispadmin Buffer Overflow
The Previous Post: Packedelic