BID:13221

Apple Mac OS X Kernel NFS Mount Denial Of Service Vulnerability

Info

Apple Mac OS X Kernel NFS Mount Denial Of Service Vulnerability

Bugtraq ID:	13221
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0974
Remote:	No
Local:	Yes
Published:	Apr 16 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	This issue was announced by the vendor.
Vulnerable:	Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0

Not Vulnerable:	Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.4.1 Apple Mac OS X 10.3.9

Discussion

Apple Mac OS X Kernel NFS Mount Denial Of Service Vulnerability

Apple Mac OS X is prone to a local denial of service vulnerability. This issue exists in Kernel NFS mount functionality and may permit a local attacker to crash the vulnerable computer.

It should be noted that this issue was previously reported in BID 13203 (Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service Vulnerabilities); it has been assigned its own BID.

Exploit / POC

Apple Mac OS X Kernel NFS Mount Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Apple Mac OS X Kernel NFS Mount Denial Of Service Vulnerability

Solution:
Apple has released security advisory APPLE-SA-2005-04-15 along with fixes dealing with this issue for Mac OS X 10.3.8. Please see the referenced advisory for more information.

Apple has released security advisory APPLE-SA-2005-05-19 along with fixes dealing with this issue for Mac OS X 10.4. Please see the referenced advisory for more information.

Apple Mac OS X Server 10.3