Vulnerability CVE-2010-0105

See in [MITRE] [NVD]

Search:
WLB2

Vulnerability CVE-2010-0105


Published: 2010-04-27   Modified: 2010-12-10

Description:
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

See advisories in our WLB2 database:
Topic
Author
Date
Medium Risk
MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
Maksymilian Arci...
23.04.2010
Medium Risk
MacOS X 10.6 hfs file system attack (Denial of Service) PoC
Maksymilian Arci...
22.04.2010


Type:
CWE-DesignError

Vendor: Apple
Product: Mac os x 
Version:
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

Related CVE
[ CVE-2014-9165 ]
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x befor...
[ CVE-2014-9159 ]
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before ...
[ CVE-2014-9158 ]
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X al...
[ CVE-2014-8461 ]
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X al...
[ CVE-2014-8460 ]
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before ...
[ CVE-2014-8459 ]
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X al...
[ CVE-2014-8458 ]
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X al...
[ CVE-2014-8457 ]
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before ...
[ CVE-2014-8456 ]
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X al...
[ CVE-2014-8455 ]
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x befor...

References:
http://www.securitytracker.com/id?1024723
http://www.securityfocus.com/bid/39658
http://support.apple.com/kb/HT4435
http://securityreason.com/achievement_securityalert/83
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Copyright 2014, cxsecurity.com