Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS
2006-02-15T00:00:00
ID MACOSX_10_4_5.NASL Type nessus Reporter Tenable Modified 2016-11-28T00:00:00
Description
The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.5.
Mac OS X 10.4.5 contains a security fix for a local denial of service vulnerability. A malicious local user may trigger the vulnerability by invoking an undocumented system call.
#
# (C) Tenable Network Security, Inc.
#
if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");
if(description)
{
script_id(20911);
script_version ("$Revision: 1.15 $");
script_cve_id("CVE-2006-0382");
script_bugtraq_id(16654);
script_osvdb_id(23190);
script_name(english:"Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update which fixes a security
issue." );
script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.4.x that is prior
to 10.4.5.
Mac OS X 10.4.5 contains a security fix for a local denial of service
vulnerability. A malicious local user may trigger the vulnerability by
invoking an undocumented system call." );
script_set_attribute(attribute:"solution", value:
"Upgrade to Mac OS X 10.4.5 :
http://www.apple.com/support/downloads/macosxupdate1045.html
http://www.apple.com/support/downloads/macosxserver1045.html" );
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# http://web.archive.org/web/20060405112613/http://docs.info.apple.com/article.html?artnum=61798
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f26343c2" );
script_set_attribute(attribute:"plugin_publication_date", value: "2006/02/15");
script_set_attribute(attribute:"vuln_publication_date", value: "2006/02/14");
script_set_attribute(attribute:"patch_publication_date", value: "2006/02/14");
script_cvs_date("$Date: 2016/11/28 21:06:37 $");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_end_attributes();
script_summary(english:"Check for the version of Mac OS X");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.");
script_family(english:"MacOS X Local Security Checks");
script_dependencies("ssh_get_info.nasl","mdns.nasl");
#script_require_keys("Host/MacOSX/packages");
exit(0);
}
os = get_kb_item("Host/MacOSX/Version");
if ( ! os ) os = get_kb_item("mDNS/os");
if ( ! os ) exit(0);
if ( ereg(pattern:"Mac OS X 10\.4($|\.[1-4]([^0-9]|$))", string:os )) security_note(0);
{"hash": "152e5849e55983fa8c29c83965490004e2d43584a7983eca627668fc6475ff48", "naslFamily": "MacOS X Local Security Checks", "id": "MACOSX_10_4_5.NASL", "lastseen": "2017-10-29T13:35:29", "viewCount": 1, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9d53a44a39e44a7e03310c99e8c761a8", "key": "cpe"}, {"hash": "0b81f2601b1d511d633c728f79753849", "key": "cvelist"}, {"hash": "2194071404940988ecd78926323dff49", "key": "cvss"}, {"hash": "b49c89f9d9ff19d5e134d077640a4b01", "key": "description"}, {"hash": "fffcc86df2fc43405071598acb371d96", "key": "href"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "6b967fe2534e4c3e13a69881876a9cdf", "key": "pluginID"}, {"hash": "6b5d957d9ffda72cf0a549fff5606f5b", "key": "published"}, {"hash": "ec757c713c6650ff7ab556bed78fdd1f", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a421a1907be81471cf59df2cda008189", "key": "sourceData"}, {"hash": "dddd0d1a967729f4f337103dd79ef78d", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["cpe:/o:apple:mac_os_x"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "edition": 3, "enchantments": {"vulnersScore": 2.1}, "type": "nessus", "description": "The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service vulnerability. A malicious local user may trigger the vulnerability by invoking an undocumented system call.", "title": "Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS", "history": [{"bulletin": {"hash": "d7eab6d531949cc08df808bd0733e2076a4e1b6aa2bfa108a92d9b04960a0ff1", "naslFamily": "MacOS X Local Security Checks", "edition": 2, "lastseen": "2016-11-29T05:31:38", "enchantments": {}, "hashmap": [{"hash": "a421a1907be81471cf59df2cda008189", "key": "sourceData"}, {"hash": "6b5d957d9ffda72cf0a549fff5606f5b", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ec757c713c6650ff7ab556bed78fdd1f", "key": "references"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "fffcc86df2fc43405071598acb371d96", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0b81f2601b1d511d633c728f79753849", "key": "cvelist"}, {"hash": "dddd0d1a967729f4f337103dd79ef78d", "key": "title"}, {"hash": "2194071404940988ecd78926323dff49", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "b49c89f9d9ff19d5e134d077640a4b01", "key": "description"}, {"hash": "6b967fe2534e4c3e13a69881876a9cdf", "key": "pluginID"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "MACOSX_10_4_5.NASL", "type": "nessus", "description": "The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service vulnerability. A malicious local user may trigger the vulnerability by invoking an undocumented system call.", "viewCount": 1, "title": "Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "objectVersion": "1.2", "cvelist": ["CVE-2006-0382"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(20911);\n script_version (\"$Revision: 1.15 $\");\n script_cve_id(\"CVE-2006-0382\");\n script_bugtraq_id(16654);\n script_osvdb_id(23190);\n\n script_name(english:\"Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4.x that is prior\nto 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service \nvulnerability. A malicious local user may trigger the vulnerability by \ninvoking an undocumented system call.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.4.5 :\nhttp://www.apple.com/support/downloads/macosxupdate1045.html\nhttp://www.apple.com/support/downloads/macosxserver1045.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # http://web.archive.org/web/20060405112613/http://docs.info.apple.com/article.html?artnum=61798\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f26343c2\" );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/02/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/02/14\");\n script_cvs_date(\"$Date: 2016/11/28 21:06:37 $\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\",\"mdns.nasl\");\n #script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) os = get_kb_item(\"mDNS/os\");\nif ( ! os ) exit(0);\n\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-4]([^0-9]|$))\", string:os )) security_note(0);\n", "published": "2006-02-15T00:00:00", "pluginID": "20911", "references": ["http://www.nessus.org/u?f26343c2"], "reporter": "Tenable", "modified": "2016-11-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20911"}, "lastseen": "2016-11-29T05:31:38", "edition": 2, "differentElements": ["cpe"]}, {"bulletin": {"hash": "9f7f1cd9f8b667b3b523e1ad2534b00b2a4afa91b9d224d19c2d39649364468a", "naslFamily": "MacOS X Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:23:48", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "6b5d957d9ffda72cf0a549fff5606f5b", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ec757c713c6650ff7ab556bed78fdd1f", "key": "references"}, {"hash": "fffcc86df2fc43405071598acb371d96", "key": "href"}, {"hash": "a5d9c5c3928b6122e7ddaf69dc2ae3cb", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "26f10b992e2ba4820bf73f397c68140d", "key": "sourceData"}, {"hash": "0b81f2601b1d511d633c728f79753849", "key": "cvelist"}, {"hash": "dddd0d1a967729f4f337103dd79ef78d", "key": "title"}, {"hash": "1dcc661cdfda12a08c9babfba87a927a", "key": "cvss"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "b49c89f9d9ff19d5e134d077640a4b01", "key": "description"}, {"hash": "6b967fe2534e4c3e13a69881876a9cdf", "key": "pluginID"}], "bulletinFamily": "exploit", "history": [], "id": "MACOSX_10_4_5.NASL", "type": "nessus", "description": "The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service vulnerability. A malicious local user may trigger the vulnerability by invoking an undocumented system call.", "title": "Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "objectVersion": "1.2", "cvelist": ["CVE-2006-0382"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(20911);\n script_version (\"$Revision: 1.14 $\");\n script_cve_id(\"CVE-2006-0382\");\n script_bugtraq_id(16654);\n script_osvdb_id(23190);\n\n script_name(english:\"Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4.x that is prior\nto 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service \nvulnerability. A malicious local user may trigger the vulnerability by \ninvoking an undocumented system call.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.4.5 :\nhttp://www.apple.com/support/downloads/macosxupdate1045.html\nhttp://www.apple.com/support/downloads/macosxserver1045.html\" );\n # http://web.archive.org/web/20060405112613/http://docs.info.apple.com/article.html?artnum=61798\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f26343c2\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/02/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/02/14\");\n script_cvs_date(\"$Date: 2016/04/21 16:08:18 $\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\",\"mdns.nasl\");\n #script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) os = get_kb_item(\"mDNS/os\");\nif ( ! os ) exit(0);\n\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-4]([^0-9]|$))\", string:os )) security_note(0);\n", "published": "2006-02-15T00:00:00", "pluginID": "20911", "references": ["http://www.nessus.org/u?f26343c2"], "reporter": "Tenable", "modified": "2016-04-21T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20911"}, "lastseen": "2016-09-26T17:23:48", "edition": 1, "differentElements": ["modified", "sourceData"]}], "objectVersion": "1.3", "cvelist": ["CVE-2006-0382"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(20911);\n script_version (\"$Revision: 1.15 $\");\n script_cve_id(\"CVE-2006-0382\");\n script_bugtraq_id(16654);\n script_osvdb_id(23190);\n\n script_name(english:\"Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4.x that is prior\nto 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service \nvulnerability. A malicious local user may trigger the vulnerability by \ninvoking an undocumented system call.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.4.5 :\nhttp://www.apple.com/support/downloads/macosxupdate1045.html\nhttp://www.apple.com/support/downloads/macosxserver1045.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # http://web.archive.org/web/20060405112613/http://docs.info.apple.com/article.html?artnum=61798\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f26343c2\" );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/02/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/02/14\");\n script_cvs_date(\"$Date: 2016/11/28 21:06:37 $\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\",\"mdns.nasl\");\n #script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) os = get_kb_item(\"mDNS/os\");\nif ( ! os ) exit(0);\n\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-4]([^0-9]|$))\", string:os )) security_note(0);\n", "published": "2006-02-15T00:00:00", "pluginID": "20911", "references": ["http://www.nessus.org/u?f26343c2"], "reporter": "Tenable", "modified": "2016-11-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20911"}
{"result": {"cve": [{"id": "CVE-2006-0382", "type": "cve", "title": "CVE-2006-0382", "description": "Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.", "published": "2006-02-14T17:06:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0382", "cvelist": ["CVE-2006-0382"], "lastseen": "2017-07-20T10:49:04"}], "osvdb": [{"id": "OSVDB:23190", "type": "osvdb", "title": "Mac OS X Kernel Undocumented System Call Local DoS", "description": "## Vulnerability Description\nMac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a local user invokes an undocumented system call, and will result in loss of availability for the platform.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.\n## Short Description\nMac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a local user invokes an undocumented system call, and will result in loss of availability for the platform.\n## References:\n[Vendor Specific Advisory URL](http://lists.apple.com/archives/security-announce/2006/Feb/msg00000.html)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=303290)\nSecurity Tracker: 1015634\n[Secunia Advisory ID:18907](https://secuniaresearch.flexerasoftware.com/advisories/18907/)\nKeyword: APPLE-SA-2006-02-14\n[CVE-2006-0382](https://vulners.com/cve/CVE-2006-0382)\nBugtraq ID: 16654\n", "published": "2006-02-14T15:45:44", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:23190", "cvelist": ["CVE-2006-0382"], "lastseen": "2017-04-28T13:20:20"}]}}