Apple Mac OS X DMG UFS UFS_LookUp Denial Of Service Vulnerability

Bugtraq ID:	22036
Class:	Boundary Condition Error
CVE:	CVE-2007-0267
Remote:	Yes
Local:	No
Published:	Jan 13 2007 12:00AM
Updated:	Mar 14 2007 02:54PM
Credit:	LMH <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	FreeBSD FreeBSD 6.1 -STABLE FreeBSD FreeBSD 6.1 -RELEASE-p10 FreeBSD FreeBSD 6.1 -RELEASE Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8
Not Vulnerable:	Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9

Apple Mac OS X DMG UFS UFS_LookUp Denial Of Service Vulnerability

Apple Mac OS X is prone to a remote denial-of-service vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images.

A successful exploit can allow a remote attacker to cause kernel panic, resulting in a denial-of-service condition.

Mac OS X 10.4.8 is vulnerable; other versions may also be affected.

Apple Mac OS X DMG UFS UFS_LookUp Denial Of Service Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to open a malicious DMG image file.

The following exploit is available:

• /data/vulnerabilities/exploits/MOAB-12-01-2007.dmg.gz

Apple Mac OS X DMG UFS UFS_LookUp Denial Of Service Vulnerability

Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.


Apple Mac OS X Server 10.4.8

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.8

• Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X DMG UFS UFS_LookUp Denial Of Service Vulnerability

References:

• Mac OS X Homepage (Apple)
  
• MOAB-12-01-2007: Apple DMG UFS ufs_lookup() Denial of Service Vulnerability (Apple Fun)