Vulnerability CVE-2010-0105


Published: 2010-04-27   Modified: 2010-12-10

Description:
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
Maksymilian Arci...
23.04.2010
Med.
MacOS X 10.6 hfs file system attack (Denial of Service) PoC
Maksymilian Arci...
22.04.2010

Type:

CWE-DesignError

Vendor: Apple
Product: Mac os x 
Version:
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.securitytracker.com/id?1024723
http://www.securityfocus.com/bid/39658
http://support.apple.com/kb/HT4435
http://securityreason.com/achievement_securityalert/83
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Related CVE
CVE-2017-2372
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of se...
CVE-2017-2373
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cau...
CVE-2017-2374
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2368
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.
CVE-2017-2369
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cau...
CVE-2017-2370
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to ex...
CVE-2017-2371
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
CVE-2017-2363
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attacker...

Copyright 2017, cxsecurity.com