CVE-2009-1717

Severity

68%

Complexity

86%

Confidentiality

106%

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Apple Mac OS X

First reported 16 years ago

2009-06-05 16:00:00

Last updated 6 years ago

2018-10-10 19:38:00

Affected Software

Apple Mac OS X 10.5

10.5

Apple Mac OS X 10.5.0

10.5.0

Apple Mac OS X 10.5.1

10.5.1

Apple Mac OS X 10.5.2

10.5.2

Apple Mac OS X 10.5.3

10.5.3

Apple Mac OS X 10.5.4

10.5.4

Apple Mac OS X 10.5.5

10.5.5

Apple Mac OS X 10.5.6

10.5.6

Apple Mac OS X Server 10.5

10.5

Apple Mac OS X Server 10.5.0

10.5.0

Apple Mac OS X Server 10.5.1

10.5.1

Apple Mac OS X Server 10.5.2

10.5.2

Apple Mac OS X Server 10.5.3

10.5.3

Apple Mac OS X Server 10.5.4

10.5.4

Apple Mac OS X Server 10.5.5

10.5.5

Apple Mac OS X Server 10.5.6

10.5.6

References

http://dvlabs.tippingpoint.com/advisory/TPTI-09-04

1022322

Patch

http://support.apple.com/kb/HT3549

Patch, Vendor Advisory

20090602 TPTI-09-04: Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability

35182