• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apple iSync mRouter Local Command Line Argument Buffer Overflow Vulnerability

iSync's 'mRouter' binary is reportedly susceptible to a local command line argument buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into an insufficiently sized memory buffer.

The 'mRouter' binary is installed by default with setuid superuser permissions. This vulnerability allows users with local interactive access to a computer with the affected application installed to gain superuser privileges.