Apple Mac OS X TCP/IP Processing Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1014464
|
|
SecurityTracker URL: http://securitytracker.com/id?1014464
|
|
CVE Reference: CVE-2005-2194
(Links to External Site)
|
Updated: Jun 15 2008
|
Original Entry Date: Jul 12 2005
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Apple Security Advisory
|
Version(s): 10.4 only
|
Description: A vulnerability was reported in Apple Mac OS X in the processing of TCP/IP connections. A remote user can cause denial of service conditions.
A remote user can send a specifically crafted TCP/IP packet to the target system to trigger a null pointer dereference and cause
a kernel panic.
The system must be rebooted to return to normal operations.
The vendor credits Julian Y. Koh and colleagues
of Northwestern University with reporting this vulnerability.
|
Impact: A remote user can cause a kernel panic, requiring a reboot to return the system to normal operations.
|
Solution: Apple has issued a fix as part of Mac OS X 10.4.2, available using Software Update, or from Apple Downloads:
http://www.apple.com/support/downloads/
|
Vendor URL: docs.info.apple.com/article.html?artnum=301948 (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: UNIX (Mac OS X)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Jul 2005 16:52:40 -0400
Subject: http://docs.info.apple.com/article.html?artnum=301948
|
Mac OS X 10.4.2 Update
CVE: CAN-2005-2194, CAN-2005-1333
|
|
