Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability
BID:21201
Info
Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability
| Bugtraq ID: | 21201 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6062 CVE-2006-6061 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 20 2006 12:00AM |
| Updated: | Mar 15 2007 03:34AM |
| Credit: | LMH <[email protected]> discovered this issue. |
| Vulnerable: |
Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 |
| Not Vulnerable: |
Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9 |
Discussion
Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability
Apple Mac OS X is prone to a remote denial-of-service vulnerability when handling specially crafted UDIF disk image files.
Successfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users.
Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.
Note: Further information from Alastair Houghton reports that this issue cannot be exploited to execute arbitrary code. See the references for details.
Apple Mac OS X is prone to a remote denial-of-service vulnerability when handling specially crafted UDIF disk image files.
Successfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users.
Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.
Note: Further information from Alastair Houghton reports that this issue cannot be exploited to execute arbitrary code. See the references for details.
Exploit / POC
Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability
The following image file will demonstrate this issue:
The following image file will demonstrate this issue:
Solution / Fix
Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability
Solution:
The vendor released version 10.4.9 to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.4.8
Apple Mac OS X 10.4.8
Solution:
The vendor released version 10.4.9 to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.4.8
-
Apple Mac OS X v10.4.9
http://www.apple.com/support/downloads/
Apple Mac OS X 10.4.8
-
Apple Mac OS X v10.4.9
http://www.apple.com/support/downloads/
References
Apple Mac OS X UDIF Disk Image Remote Denial Of Service Vulnerability
References:
References:
- Apple Security Updates (Apple)
- dmg vulnerability debunked (Alastair Houghton)
- Mac OS X Homepage (Apple)
- MOKB-20-11-2006: Mac OS X Apple UDIF Disk Image Kernel Memory Corruption (1) (MOKB)
- Vulnerability Note VU#367424 - Apple Mac OS X fails to properly handle corrupted (US-CERT)