Roxio Toast TDIXSupport本地格式串漏洞

Apple OS X中kextload的prelink.c存在格式串漏洞，正如Roxio Toast Titanium中TDIXSupport和其他产品中使用的。本地用户借助extension参数中的格式串标识符执行任意代码。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: roxio-toast-tdixsupport-format-string(18472)
链接:http://xforce.iss.net/xforce/xfdb/18472

来源: BID
名称: 20031
链接:http://www.securityfocus.com/bid/20031

来源: BID
名称: 11926
链接:http://www.securityfocus.com/bid/11926

来源: www.netragard.com
链接:http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt

来源: BUGTRAQ
名称: 20041214 Possible local root vulnerability in Roxio Toast on Mac OS X
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110305083706943&w=2

来源: FULLDISC
名称: 20060913 [NETRAGARD-20060822 SECURITY ADVISORY] [ APPLE COMPUTER CORPORATION KEXTLOAD VULNERABILITY + ROXIO TOAST TITANUM 7 HELPER APP – LOCAL ROOT COMROMISE]
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html