CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.

Published: Oct 26, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2748
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / mac_os_x_server	10.4.2	10.4.2.x
apple / mac_os_x_server	10.3.9	10.3.9.x
apple / mac_os_x	10.3.9	10.3.9.x
apple / mac_os_x	10.4.2	10.4.2.x

http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
http://secunia.com/advisories/16920/
http://www.auscert.org.au/5509
http://www.ciac.org/ciac/bulletins/p-312.shtml
http://www.suresec.org/advisories/adv7.pdf

Vulnerability Database

290,206

CVE-2005-2748