Apple Mac OS X fpathconf() denial of service
| macosx-fpathconf-dos (30152) |  Low Risk |
Description:
Mac OS X is vulnerable to a denial of service caused by an error in the fpathconf() syscall. A local attacker could create a specially-crafted file that could cause a kernel panic once the file is opened.
Platforms Affected:
- Apple, Mac OS X 10.4
- Apple, Mac OS X 10.4.1
- Apple, Mac OS X 10.4.10
- Apple, Mac OS X 10.4.11
- Apple, Mac OS X 10.4.2
- Apple, Mac OS X 10.4.3
- Apple, Mac OS X 10.4.4
- Apple, Mac OS X 10.4.5
- Apple, Mac OS X 10.4.6
- Apple, Mac OS X 10.4.7
- Apple, Mac OS X 10.4.8
- Apple, Mac OS X Server 10.4
- Apple, Mac OS X Server 10.4.1
- Apple, Mac OS X Server 10.4.10
- Apple, Mac OS X Server 10.4.11
- Apple, Mac OS X Server 10.4.2
- Apple, Mac OS X Server 10.4.3
- Apple, Mac OS X Server 10.4.4
- Apple, Mac OS X Server 10.4.5
- Apple, Mac OS X Server 10.4.6
- Apple, Mac OS X Server 10.4.7
- Apple, Mac OS X Server 10.4.8
Remedy:
Upgrade to the latest version of Mac OS X (10.4.9 or later) or apply Apple Security Update 2007-003. See References.
Consequences:
Denial of Service
References:
- Apple Mac OS X Web site, Apple - Apple - Mac OS X - Leopard Sneak Peek at http://www.apple.com/macosx/leopard/.
- Mac OS X 10.4.9 and Security Update 2007-003, About the security content of Mac OS X 10.4.9 and Security Update 2007-003 at http://docs.info.apple.com/article.html?artnum=305214.
- MOKB-09-11-2006, Mac OS X fpathconf() syscall denial of service at http://www.securiteam.com/mokb/projects.info-pull.com/mokb/MOKB-09-11-2006.html.
- BID-20982: Apple Mac OS X FPathConf System Call Local Denial of Service Vulnerability
- CVE-2006-5836: The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.
- OSVDB ID: 30216: Mac OS X fpathconf() Function Local DoS
- SA22808: Mac OS X "fpathconf()" Denial of Service
- SA24479: Mac OS X Security Update Fixes Multiple Vulnerabilities
- SECTRACK ID: 1017751: Mac OS X Lets Remote Users Execute Arbitrary Code and Local Users Obtain Elevated Privileges and Deny Service
- US-CERT VU#765096: Mac OS X kernel "fpathconf()" syscall fails to properly handle unknown file types
- VUPEN/ADV-2006-4448: Apple Mac OS X fpathconf() File Type Handling Denial of Service Vulnerability
- VUPEN/ADV-2007-0930: Apple Mac OS X Multiple Remote Code Execution and Denial of Service Vulnerabilities
Reported:
Nov 09, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net