[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-1471

Date: (C)2006-06-27   (M)2017-07-21 


Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.

CVSS Score: 4.6Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1016397
BID-18686
BID-18724
http://www.securityfocus.com/archive/1/archive/1/438699/100/0/threaded
SECUNIA-20877
OSVDB-26933
ADV-2006-2566
APPLE-SA-2006-06-27
macosx-launchd-format-string(27479)

CPE    14
cpe:/o:apple:mac_os_x:10.4
cpe:/o:apple:mac_os_x_server:10.4.6
cpe:/o:apple:mac_os_x_server:10.4.5
cpe:/o:apple:mac_os_x_server:10.4.4
...
CWE    1
CWE-134

© 2013 SecPod Technologies