Dear [ Suresec Advisories ],
Well... another one reason to do not write messages in HTML - the link
points to adv6.pdf instead of adv7.pdf while the text is correct. Let
readers to choose font and colors to read your message, write it in
plain text.
--
~/ZARAZA
http://www.security.nnov.ru/
--Sunday, September 25, 2005, 4:34:26 PM, you wrote to full-disclosure_at_lists.grok.org.uk:
SA> Suresec Security Advisory - #00007
SA> 25/09/2005
SA> Mac OS X - malloc() insecure use of environment variable.
SA> Advisory: http://www.suresec.org/advisories/adv7.pdf
SA> Description:
SA> The malloc() function on Mac OS X insecurely trusts a debug
SA> variable, regardless of the fact that the calling application may be
SA> suid root.
SA> This can result in an arbitrary file being overwritten, which
SA> can be used to escalate privileges.
SA> This vulnerability was discovered by Ilja van Sprundel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 26 2005
Intro
