MOAB-19-01-2007: Transmit.app ftps:// URL Handler Heap Buffer Overflow



The 19th bug in the “Month of Apple Bugs” series, which is being published on the web every day in January 2007, has been posted. This time it is a heap buffer overflow in the Transmit.app ftps:// URL handler.

Transmit 3 takes Mac OS X FTP to the next level by making file management easy. You can copy files to or from a server with drag and drop simplicity, or edit HTML code directly on a web server. You can even Preview graphic files on the fly with Transmit.

Transmit can speak to most any server that understands FTP, SFTP, FTP TLS/SSL, WebDAV, or secure WebDAV. It works great with everything from Mac OS X’s built-in FTP server to your iDisk. When handling the SFTP protocol, however, Transmit does not allocate enough space for the string passed in via the URL handler, leading to an exploitable heap-based buffer overflow condition.

Full details | Official fix from Panic - version 3.5.6
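The bug class described above, shown from the fixing side as an added example that is not part of the original post and is not Transmit's code: a URL handler that sizes its heap buffer from the measured length of the URL component instead of a fixed guess. The function name `ftps_url_host`, the `MAX_URL_HOST` limit and the choice of the host component are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_URL_HOST 255  /* assumed policy limit for a host name */

/* Unsafe pattern (bug class only, hypothetical):
 *     char *host = malloc(64);
 *     strcpy(host, url + 7);   // copy length is set by the URL, not the buffer
 * The hardened version below measures first, rejects oversized input,
 * then allocates exactly what it copies. */

/* Returns a newly allocated copy of the host part of an ftps:// URL,
 * or NULL if the URL is malformed, the host is too long, or malloc fails.
 * Assumption: bracketed IPv6 literals are not handled. */
char *ftps_url_host(const char *url)
{
    static const char scheme[] = "ftps://";
    const size_t scheme_len = sizeof(scheme) - 1;

    if (url == NULL || strncmp(url, scheme, scheme_len) != 0)
        return NULL;

    const char *start = url + scheme_len;
    size_t auth_len = strcspn(start, "/?#");   /* authority ends here */

    /* Skip an optional "user[:password]@" prefix inside the authority. */
    const char *at = memchr(start, '@', auth_len);
    if (at != NULL)
        start = at + 1;

    size_t host_len = strcspn(start, ":/?#");  /* stop before port or path */
    if (host_len == 0 || host_len > MAX_URL_HOST)
        return NULL;                           /* reject, never truncate silently */

    char *host = malloc(host_len + 1);         /* +1 for the terminator */
    if (host == NULL)
        return NULL;
    memcpy(host, start, host_len);             /* bounded by the measured length */
    host[host_len] = '\0';
    return host;
}
```

The caller owns the returned buffer and must `free` it.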

One Response to “MOAB-19-01-2007: Transmit.app ftps:// URL Handler Heap Buffer Overflow”

  1. Mac Season » Blog Archive » Official fix for MoAB-19-01-2007 Says:

    [...] Panic Software has released an official fix for the vulnerability addressed during the Month of Apple Bugs [...]
