Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability

Bugtraq ID:	21317
Class:	Boundary Condition Error
CVE:	CVE-2006-6130
Remote:	No
Local:	Yes
Published:	Nov 27 2006 12:00AM
Updated:	May 01 2007 11:39PM
Credit:	LMH <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4
Not Vulnerable:	Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9

Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability

Apple Mac OS X is prone to a local memory-corruption vulnerability. This issue occurs when the operating system fails to handle specially crafted arguments to an IOCTL call.

Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users.

Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected.

Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability

The following proof of concept demonstrates this issue.

• /data/vulnerabilities/exploits/MOKB-27-11-2006.c

Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability

Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for further information.


Apple Mac OS X Server 10.4

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.1

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.1

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.2

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.2

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.3

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.3

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.4

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.4

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.5

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.5

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.6

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.6

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.7

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.7

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.8

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.8

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Stack Buffer Overflow Vulnerability

References:

• Mac OS X Homepage (Apple)