Vulnerability CVE-2010-0105

See in [MITRE] [NVD]

Search:
WLB2

Vulnerability CVE-2010-0105


Published: 2010-04-27   Modified: 2010-12-10

Description:
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

See advisories in our WLB2 database:
Topic
Author
Date
Medium Risk
MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
Maksymilian Arci...
23.04.2010
Medium Risk
MacOS X 10.6 hfs file system attack (Denial of Service) PoC
Maksymilian Arci...
22.04.2010


Type:
CWE-DesignError

Vendor: Apple
Product: Mac os x 
Version:
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

Related CVE
[ CVE-2014-4463 ]
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen prot...
[ CVE-2014-4462 ]
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attacker...
[ CVE-2014-4461 ]
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate I...
[ CVE-2014-4460 ]
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the bro...
[ CVE-2014-4459 ]
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote...
[ CVE-2014-4458 ]
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extran...
[ CVE-2014-4457 ]
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the de...
[ CVE-2014-4455 ]
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlappi...
[ CVE-2014-4453 ]
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment o...
[ CVE-2014-4452 ]
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attacker...

References:
http://www.securitytracker.com/id?1024723
http://www.securityfocus.com/bid/39658
http://support.apple.com/kb/HT4435
http://securityreason.com/achievement_securityalert/83
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Copyright 2014, cxsecurity.com