Vulnerability Details CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
- http://secunia.com/advisories/16920/
- http://www.auscert.org.au/5509
- http://www.ciac.org/ciac/bulletins/p-312.shtml
- http://www.suresec.org/advisories/adv7.pdf
- http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
- http://secunia.com/advisories/16920/
- http://www.auscert.org.au/5509
- http://www.ciac.org/ciac/bulletins/p-312.shtml
- http://www.suresec.org/advisories/adv7.pdf
Products affected by CVE-2005-2748
-
cpe:2.3:o:apple:mac_os_x:10.3.9
-
cpe:2.3:o:apple:mac_os_x:10.4.2
-
cpe:2.3:o:apple:mac_os_x_server:10.3.9
-
cpe:2.3:o:apple:mac_os_x_server:10.4.2