CVE-2016-8661
N/A
N/A
Summary
Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Little Snitch version 3.0 through 3.6.1 | Little Snitch version 3.0 through 3.6.1 | affected |
Weaknesses
- escalation of privileges
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/94352
- https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one
References
- http://www.securityfocus.com/bid/94352
- https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.