Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2009-1717
Last Modified 29 Jun 2009 03:15:51
Published 05 Jun 2009 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1717

Summary

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

Vulnerable Systems

Operating System

  • Apple Mac OS X 10.5
  • Apple Mac OS X 10.5.0
  • Apple Mac OS X 10.5.1
  • Apple Mac OS X 10.5.2
  • Apple Mac OS X 10.5.3
  • Apple Mac OS X 10.5.4
  • Apple Mac OS X 10.5.5
  • Apple Mac OS X 10.5.6
  • Apple Mac OS X Server 10.5
  • Apple Mac OS X Server 10.5.0
  • Apple Mac OS X Server 10.5.1
  • Apple Mac OS X Server 10.5.2
  • Apple Mac OS X Server 10.5.3
  • Apple Mac OS X Server 10.5.4
  • Apple Mac OS X Server 10.5.5
  • Apple Mac OS X Server 10.5.6


References

BID - 35182

BUGTRAQ - 20090602 TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability

CONFIRM - http://support.apple.com/kb/HT3549

SECTRACK - 1022322

XF - macos-terminal-bo(50982)

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-09-04


Last Updated: 27 May 2016 10:50:38