HTTP: Apple Mac OS X Installer Package Filename Format String Vulnerability
This signature detects attempts to exploit a known vulnerability against the Apple Mac OS X Installer application. By embedding format string characters in a filename, an attacker can cause arbitrary code to be executed on the client host.
Extended Description
Apple Installer is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may crash the application or possibly allow the attacker to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application. Apple Installer Version 2.1.5 on Mac OS X 10.4.8 is vulnerable to this issue; other versions may also be affected.
Affected Products
Apple mac_os_x_server
Short Name
HTTP:MISC:APPLE-INSTALLER-FS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2007-0465 Filename Format Installer Mac OS Package String Vulnerability X bid:22272
Release Date
10/01/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Apple
CVSS Score
7.6