Languages

Archived - About the security content of Xcode Tools 2.5

This article has been archived and is no longer updated by Apple.

This document describes the security content of Xcode Tools 2.5, which can be downloaded and installed from http://developer.apple.com/tools/download/.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see Apple Security Updates.

Xcode Tools 2.5

  • gdb

    CVE-ID: CVE-2006-2362

    Available for: Mac OS X v10.4.x, Mac OS X v10.5

    Impact: Processing a file with maliciously crafted TekHex content may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in gdb's handling of files with Tektronix Hex Format (TekHex) content. By enticing a user to run gdb's "restore" command on a maliciously crafted TekHex file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of TekHex records.

  • WebObjects

    CVE-ID: CVE-2006-5327, CVE-2006-5328

    Available for: Mac OS X v10.4.x, Mac OS X v10.5

    Impact: An unprivileged local user may be able to obtain system privileges

    Description: The Xcode WebObjects package contains a demo version of OpenBase for use with WebObjects example code. This demo version of OpenBase may allow a local user to obtain system privileges. This update addresses the issue by disabling the Apple-provided demo version of OpenBase. Credit to Kevin Finisterre of Netragard for reporting these issues.

Last Modified: Feb 20, 2012
  • Last Modified: Feb 20, 2012
  • Article: TA25030
  • Views:

    1790

Additional Product Support Information