Apple Mac OS X iSync Mrouter Multiple Parameter Overflow
Local Access Required
Loss of Integrity
A local overflow exists in Mac OS X. The mrouter binary installed with iSync fails to validate user input to the -v and -a parameters resulting in a buffer overflow. With a specially crafted request, an attacker can cause privilege escalation to root resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Braden Thomas <firstname.lastname@example.org> discovered this vulnerability. <email@example.com> created the proof of concept exploit.
Apple iSync 1.5
iSync's 'mRouter' binary is reportedly susceptible to a local command line argument buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into an insufficiently sized memory buffer.
The 'mRouter' binary is installed by default with setuid superuser permissions. This vulnerability allows users with local interactive access to a computer with the affected application installed to gain superuser privileges.