Vulnerability CVE-2010-0105

See in [MITRE] [NVD]

Search:
WLB2

Vulnerability CVE-2010-0105


Published: 2010-04-27   Modified: 2010-12-10

Description:
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

See advisories in our WLB2 database:
Topic
Author
Date
Medium Risk
MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
Maksymilian Arci...
23.04.2010
Medium Risk
MacOS X 10.6 hfs file system attack (Denial of Service) PoC
Maksymilian Arci...
22.04.2010


Type:
CWE-DesignError

Vendor: Apple
Product: Mac os x 
Version:
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

Related CVE
[ CVE-2014-5031 ]
The web interface in CUPS before 2.0 does not check that files have world-readable permissi...
[ CVE-2014-5030 ]
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) inde...
[ CVE-2014-5029 ]
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files ...
[ CVE-2014-4979 ]
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of serv...
[ CVE-2014-3537 ]
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary...
[ CVE-2014-1383 ]
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requ...
[ CVE-2014-1382 ]
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, ...
[ CVE-2014-1381 ]
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController ...
[ CVE-2014-1380 ]
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement k...
[ CVE-2014-1379 ]
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a...

References:
http://www.securitytracker.com/id?1024723
http://www.securityfocus.com/bid/39658
http://support.apple.com/kb/HT4435
http://securityreason.com/achievement_securityalert/83
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Copyright 2014, cxsecurity.com