BID:13223

Apple Mac OS X Kernel Setsockopt Local Denial Of Service Vulnerability

Info

Apple Mac OS X Kernel Setsockopt Local Denial Of Service Vulnerability

Bugtraq ID:	13223
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0973
Remote:	No
Local:	Yes
Published:	Apr 15 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Discovery of this issue is credited to Robert Stump <[email protected]>.
Vulnerable:	Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0

Not Vulnerable:	Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.3.9

Discussion

Apple Mac OS X Kernel Setsockopt Local Denial Of Service Vulnerability

A local denial of service vulnerability affects Apple Mac OS X. The vendor reports that the kernel 'setsockopt()' function fails to properly validate user-supplied arguments.

This issue may allow a local attacker to exhaust computer memory and ultimately trigger a denial of service condition.

It should be noted that this issue was previously reported in BID 13203 (Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service Vulnerabilities); it has been assigned its own BID.

Exploit / POC

Apple Mac OS X Kernel Setsockopt Local Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Apple Mac OS X Kernel Setsockopt Local Denial Of Service Vulnerability

Solution:
Apple has released security advisory APPLE-SA-2005-04-15 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Apple Mac OS X Server 10.3