CVE-2006-1471Use of Externally-Controlled Format String in Apple MAC OS X

CWE-134Use of Externally-Controlled Format String2 documents2 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 77.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedJun 27
Latest updateMay 1

Description

Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDapple/mac_os_x7 versions+6
NVDapple/mac_os_x_server7 versions+6

🔴Vulnerability Details

1
GHSA
GHSA-7mgq-m2r4-6fc4: Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 102022-05-01