Red Hat Bugzilla – Bug 438146
CVE-2008-0992 pax: code execution via malicous archive
Last modified: 2012-05-19 23:09:15 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0992 to the following vulnerability:
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
Relevant part of Apple security advisory:
pax archive utility
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
Impact: Running the pax command on a maliciously crafted archive may
lead to arbitrary code execution
Description: The pax command line tool does not check a length in
its input before using it as an array index, which may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by checking the index. This issue does not
affect systems prior to Mac OS X v10.5.
No further details available.
Apple clarified that this issue is specific to their version of pax as used in
Mac OS X Leopard and does not affect BSD pax version we ship.