MOAB-19-01-2007: Transmit.app ftps:// URL Handler Heap Buffer Overflow

Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition.

For further information:

• Transmit.app ftps:// URL Handler Heap Buffer Overflow
• Proof of concept: MOAB-19-01-2007.html

We are releasing miscellaneous issues in order to have a slot full of interesting releases for this next week, that need to be properly worked on. To all of those asking 'Is that an Apple bug?' , please refer to the FAQ:

1. Are Apple products the only one target of this initiative?

Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.

MOAB-18-01-2007: Rumpus Multiple Vulnerabilities

rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues. Due to the fact that Rumpus works under root privileges, successful exploitation by unprivileged users would allow a full compromise of the system.

Most of these issues are related to both FTP and HTTP request parsing, as well as insecure use of the system() function and incorrect permissions and/or handling of setuid binaries.

Further information:

• MOAB-18-01-2007: Rumpus Multiple Vulnerabilities
• Proof of concept: MOAB-18-01-2007.rb

MOAB-14-01-2007: AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability

The _ATPsndrsp function is vulnerable to a heap-based buffer overflow condition, due to insufficient checking of user input. This leads to a denial of service condition and potential arbitrary code execution by unprivileged users.

For further information:

• AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability
• Proof of concept: MOAB-14-01-2007.c

More to come. In case you want to support the project, consider a donation for the 'get a mini' fund-raising :-). As soon as it gets worked out, advertisement should probably vanish. Hopefully.