Uh oh... looks like the Mac ain't perfect after all......
---
Buffer overflow in Mac OS X
Oxygen3 24h-365d, by Panda Software (
http://www.pandasoftware.com)
Madrid, December 17 2003 - Security Corporation has reported a vulnerability affecting Mac OS X 10.3.1 which could allow local users to escalate privileges.
This security problem stems from an error in the validation of parameters in the "cd9660.util" utility. This situation could be exploited to cause a buffer overflow, by entering a long value as a parameter.
If an attacker were to successfully exploit the vulnerability, they could execute arbitrary code with root privileges. The recommended solution is to eliminate the suid bit(*).
(*) Bit activated by adding 4000 to the octal representation of the file permissions. When it is activated, it indicates that all those who run the file will have , while it is run, privileges of the creator (e.g. root). When a file has a buffer overflow vulnerability this configuration can give maximum system privileges.
------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Downloader.L; 2)Parite.B; 3)Bugbear.B; 4)Klez.I; 5)Blaster.