SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Mac OS X Undocumented System Call Lets Local Users Deny Service
SecurityTracker Alert ID:  1015634
SecurityTracker URL:  http://securitytracker.com/id/1015634
CVE Reference:   CVE-2006-0382   (Links to External Site)
Date:  Feb 15 2006
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.4.5
Description:   A vulnerability was reported in the Mac OS X kernel. A local user can cause denial of service conditions.

A local user can invoke an undocumented system call to cause the kernel to crash.

The vendor credits David Goldsmith of Matasano with reporting this vulnerability.

Impact:   A local user can cause the system to crash.
Solution:   The vendor has issued a fix as part of Mac OS X 10.4.5, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.4.4 (PowerPC)
The download file is named: "MacOSXUpd10.4.5PPC.dmg"
Its SHA-1 digest is: c794af16563470fb16610bbaecedb59624a24dee

For Mac OS X v10.4.4 (Intel)
The download file is named: "MacOSXUpd10.4.5Intel.dmg"
Its SHA-1 digest is: 23def8fb52839c008d313c7cd301aa16efbdfd64

For Mac OS X v10.4 through Mac OS X v10.4.3
The download file is named: "MacOSXUpdCombo10.4.5PPC.dmg"
Its SHA-1 digest is: 1e1309d0a37aeb8fb42cf92480d2bba2db3372db

For Mac OS X Server v10.4.4
The download file is named: "MacOSXSvrBaseUpd10.4.5.dmg"
Its SHA-1 digest is: 8922dcf05fa96f034a9be9d47cf150ac628bc707

Vendor URL:  docs.info.apple.com/article.html?artnum=61798 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2006-02-14 Mac OS X v10.4.5

APPLE-SA-2006-02-14 Mac OS X v10.4.5

Mac OS X v10.4.5 and Mac OS X Server v10.4.5 are now available and
deliver the following security enhancement:

Kernel
CVE-ID:  CVE-2006-0382
Available for:  Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact:  A malicious local user can cause a system crash
Description:  A malicious local user may trigger a system crash by
invoking an undocumented system call. This update addresses the
issue by removing the system call from the kernel. Credit to David
Goldsmith of Matasano for reporting this issue.

Mac OS X v10.4.5 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.4 (PowerPC)
The download file is named:  "MacOSXUpd10.4.5PPC.dmg"
Its SHA-1 digest is:  c794af16563470fb16610bbaecedb59624a24dee

For Mac OS X v10.4.4 (Intel)
The download file is named:  "MacOSXUpd10.4.5Intel.dmg"
Its SHA-1 digest is:  23def8fb52839c008d313c7cd301aa16efbdfd64

For Mac OS X v10.4 through Mac OS X v10.4.3
The download file is named:  "MacOSXUpdCombo10.4.5PPC.dmg"
Its SHA-1 digest is:  1e1309d0a37aeb8fb42cf92480d2bba2db3372db

For Mac OS X Server v10.4.4
The download file is named:  "MacOSXSvrBaseUpd10.4.5.dmg"
Its SHA-1 digest is:  8922dcf05fa96f034a9be9d47cf150ac628bc707

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC