CERTVU:765096Mac OS X kernel "fpathconf()" syscall fails to properly handle unknown file types
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%
Overview
A vulnerability in the Mac OS X kernel could allow an authenticated local attacker to cause a denial of service.
Description
The fpathconf() system call provides a method for applications to determine the current value of a configurable system limit or option variable associated with a file descriptor. The version of fpathconf() provided with the Apple Mac OS X kernel (XNU) is programmed to panic when it is passed file descriptors associated with types it cannot otherwise handle, such as semaphore descriptors returned by the sem_open() system call for named semaphores.
Impact
An authenticated local attacker could cause the affected system to crash due to a kernel panic. This condition results in a denial of service.
Solution
Apply a patch from the vendor
Apple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. Users are encouraged to review Apple Support Article ID 305214 and apply the appropriate update for their system.
Vendor Information
765096
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Apple Computer, Inc. __ Affected
Updated: March 13, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Apple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. Users are encouraged to review Apple Support Article ID 305214 and apply the appropriate update for their system.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23765096 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://projects.info-pull.com/mokb/MOKB-09-11-2006.html>
- <http://secunia.com/advisories/22808/>
- <http://docs.info.apple.com/article.html?artnum=305214>
- <http://secunia.com/advisories/24479/>
- <http://securitytracker.com/alerts/2007/Mar/1017751.html>
- <http://www.securityfocus.com/bid/20982>
Acknowledgements
This vulnerability was published by LMH as part of the Month of Kernel Bugs project. Ilja van Sprundel is credited with the discovery of this issue.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | CVE-2006-5836 |
|---|---|
| Severity Metric: | 5.18 Date Public: |
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%