BID:21285 - Apple Mac OS X KQueue Local Denial of Service Vulnerability

Apple Mac OS X KQueue Local Denial of Service Vulnerability

BID:21285

Info

Apple Mac OS X KQueue Local Denial of Service Vulnerability

Bugtraq ID:	21285
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-6127
Remote:	No
Local:	Yes
Published:	Nov 24 2006 12:00AM
Updated:	Nov 15 2007 05:04PM
Credit:	Discovery of this issue is credited to dugsong.
Vulnerable:	Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1

Not Vulnerable:	Apple Mac OS X Server 10.4.11 Apple Mac OS X 10.4.11

Discussion

Apple Mac OS X KQueue Local Denial of Service Vulnerability

Apple Mac OS X is prone to a local denial-of-service vulnerability because the kernel fails to properly handle exceptional conditions.

Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users.

Apple Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.

Exploit / POC

Apple Mac OS X KQueue Local Denial of Service Vulnerability

The following exploit is sufficient to trigger this issue:

/data/vulnerabilities/exploits/MOKB-24-11-2006.c

Solution / Fix

Apple Mac OS X KQueue Local Denial of Service Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Apple Mac OS X 10.4.1

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.10

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.2

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.3

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.4

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.5

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.6

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.7

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.8

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.9

Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat= 1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

References

Apple Mac OS X KQueue Local Denial of Service Vulnerability

References:

Mac OS X Homepage (Apple)
MOKB-24-11-2006: Mac OS X kqueue Local Denial of Service (MOKB)