Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS
2006-02-15T00:00:00
ID MACOSX_10_4_5.NASL Type nessus Reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. Modified 2021-06-02T00:00:00
Description
The remote host is running a version of Mac OS X 10.4.x that is prior
to 10.4.5.
Mac OS X 10.4.5 contains a security fix for a local denial of service
vulnerability. A malicious local user may trigger the vulnerability by
invoking an undocumented system call.
#
# (C) Tenable Network Security, Inc.
#
if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");
if(description)
{
script_id(20911);
script_version ("1.16");
script_cve_id("CVE-2006-0382");
script_bugtraq_id(16654);
script_name(english:"Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update which fixes a security
issue." );
script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.4.x that is prior
to 10.4.5.
Mac OS X 10.4.5 contains a security fix for a local denial of service
vulnerability. A malicious local user may trigger the vulnerability by
invoking an undocumented system call." );
script_set_attribute(attribute:"solution", value:
"Upgrade to Mac OS X 10.4.5 :
http://www.apple.com/support/downloads/macosxupdate1045.html
http://www.apple.com/support/downloads/macosxserver1045.html" );
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# http://web.archive.org/web/20060405112613/http://docs.info.apple.com/article.html?artnum=61798
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f26343c2" );
script_set_attribute(attribute:"plugin_publication_date", value: "2006/02/15");
script_set_attribute(attribute:"vuln_publication_date", value: "2006/02/14");
script_set_attribute(attribute:"patch_publication_date", value: "2006/02/14");
script_cvs_date("Date: 2018/07/14 1:59:35");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_end_attributes();
script_summary(english:"Check for the version of Mac OS X");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
script_family(english:"MacOS X Local Security Checks");
script_dependencies("ssh_get_info.nasl","mdns.nasl");
#script_require_keys("Host/MacOSX/packages");
exit(0);
}
os = get_kb_item("Host/MacOSX/Version");
if ( ! os ) os = get_kb_item("mDNS/os");
if ( ! os ) exit(0);
if ( ereg(pattern:"Mac OS X 10\.4($|\.[1-4]([^0-9]|$))", string:os )) security_note(0);
{"id": "MACOSX_10_4_5.NASL", "bulletinFamily": "scanner", "title": "Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS", "description": "The remote host is running a version of Mac OS X 10.4.x that is prior\nto 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service \nvulnerability. A malicious local user may trigger the vulnerability by \ninvoking an undocumented system call.", "published": "2006-02-15T00:00:00", "modified": "2021-06-02T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/20911", "reporter": "This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?f26343c2"], "cvelist": ["CVE-2006-0382"], "type": "nessus", "lastseen": "2021-06-01T01:09:01", "edition": 29, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0382"]}, {"type": "osvdb", "idList": ["OSVDB:23190"]}], "modified": "2021-06-01T01:09:01", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-06-01T01:09:01", "rev": 2}, "vulnersScore": 5.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(20911);\n script_version (\"1.16\");\n script_cve_id(\"CVE-2006-0382\");\n script_bugtraq_id(16654);\n\n script_name(english:\"Mac OS X 10.4.x < 10.4.5 Kernel Undocumented System Call Local DoS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4.x that is prior\nto 10.4.5.\n\nMac OS X 10.4.5 contains a security fix for a local denial of service \nvulnerability. A malicious local user may trigger the vulnerability by \ninvoking an undocumented system call.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.4.5 :\nhttp://www.apple.com/support/downloads/macosxupdate1045.html\nhttp://www.apple.com/support/downloads/macosxserver1045.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # http://web.archive.org/web/20060405112613/http://docs.info.apple.com/article.html?artnum=61798\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f26343c2\" );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/02/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/02/14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\",\"mdns.nasl\");\n #script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) os = get_kb_item(\"mDNS/os\");\nif ( ! os ) exit(0);\n\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-4]([^0-9]|$))\", string:os )) security_note(0);\n", "naslFamily": "MacOS X Local Security Checks", "pluginID": "20911", "cpe": ["cpe:/o:apple:mac_os_x"], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-04-21T20:31:05", "description": "Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.", "edition": 5, "cvss3": {}, "published": "2006-02-14T22:06:00", "title": "CVE-2006-0382", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0382"], "modified": "2017-07-20T01:29:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.5"], "id": "CVE-2006-0382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0382", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2021-06-08T19:02:59", "bulletinFamily": "software", "cvelist": ["CVE-2006-0382"], "edition": 2, "description": "## Vulnerability Description\nMac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a local user invokes an undocumented system call, and will result in loss of availability for the platform.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.\n## Short Description\nMac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a local user invokes an undocumented system call, and will result in loss of availability for the platform.\n## References:\n[Vendor Specific Advisory URL](http://lists.apple.com/archives/security-announce/2006/Feb/msg00000.html)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=303290)\nSecurity Tracker: 1015634\n[Secunia Advisory ID:18907](https://secuniaresearch.flexerasoftware.com/advisories/18907/)\nKeyword: APPLE-SA-2006-02-14\n[CVE-2006-0382](https://vulners.com/cve/CVE-2006-0382)\nBugtraq ID: 16654\n", "modified": "2006-02-14T15:45:44", "published": "2006-02-14T15:45:44", "href": "https://vulners.com/osvdb/OSVDB:23190", "id": "OSVDB:23190", "title": "Mac OS X Kernel Undocumented System Call Local DoS", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
