Vulnerability CVE-2010-0105

See in [MITRE] [NVD]

Search:
WLB2

Vulnerability CVE-2010-0105


Published: 2010-04-27   Modified: 2010-12-10

Description:
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

See advisories in our WLB2 database:
Topic
Author
Date
Medium Risk
MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
Maksymilian Arci...
23.04.2010
Medium Risk
MacOS X 10.6 hfs file system attack (Denial of Service) PoC
Maksymilian Arci...
22.04.2010


Type:
CWE-DesignError

Vendor: Apple
Product: Mac os x 
Version:
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

Related CVE
[ CVE-2014-1313 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1312 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1311 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1310 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1309 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1308 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1307 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1305 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1304 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...
[ CVE-2014-1302 ]
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers ...

References:
http://www.securitytracker.com/id?1024723
http://www.securityfocus.com/bid/39658
http://support.apple.com/kb/HT4435
http://securityreason.com/achievement_securityalert/83
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Copyright 2014, cxsecurity.com