Vulnerability CVE-2010-0105

See in [MITRE] [NVD]

Search:
WLB2

Vulnerability CVE-2010-0105


Published: 2010-04-27   Modified: 2010-12-10

Description:
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

See advisories in our WLB2 database:
Topic
Author
Date
Medium Risk
MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability
Maksymilian Arci...
23.04.2010
Medium Risk
MacOS X 10.6 hfs file system attack (Denial of Service) PoC
Maksymilian Arci...
22.04.2010


Type:
CWE-DesignError

Vendor: Apple
Product: Mac os x 
Version:
10.6.4
10.6.3
10.6.2
10.6.1
10.6.0
10.5.8

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

Related CVE
[ CVE-2014-4450 ]
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-pr...
[ CVE-2014-4449 ]
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS serv...
[ CVE-2014-4448 ]
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, whi...
[ CVE-2014-4447 ]
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext pa...
[ CVE-2014-4446 ]
Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a se...
[ CVE-2014-4444 ]
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the c...
[ CVE-2014-4443 ]
Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer ...
[ CVE-2014-4442 ]
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (pani...
[ CVE-2014-4441 ]
NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of Fil...
[ CVE-2014-4440 ]
The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy...

References:
http://www.securitytracker.com/id?1024723
http://www.securityfocus.com/bid/39658
http://support.apple.com/kb/HT4435
http://securityreason.com/achievement_securityalert/83
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Copyright 2014, cxsecurity.com