Mac OS X Security Framework Crafted X.509 Certificate Handling Remote DoS

2006-11-14T07:04:00
ID OSVDB:30730
Type osvdb
Reporter Dr. Stephen Henson (steve@openssl.org)
Modified 2006-11-14T07:04:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when the system validates a specially crafted X.509 certificate containing a public key that could consume a significant amount of system resources during signature verification, resulting in a loss of availability for the platform.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1017298
Secunia Advisory ID: 23155
Related OSVDB ID: 30729
Related OSVDB ID: 30732
Related OSVDB ID: 30736
Related OSVDB ID: 30737
Related OSVDB ID: 30726
Related OSVDB ID: 30727
Related OSVDB ID: 30735
Related OSVDB ID: 30738
Related OSVDB ID: 30728
Related OSVDB ID: 30731
Related OSVDB ID: 30733
Related OSVDB ID: 30734
Related OSVDB ID: 30739
News Article: http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html
FrSIRT Advisory: ADV-2006-4750
CVE-2006-4408
Bugtraq ID: 21335