Mac OS X Kernel Can Be Crashed By Local Users Sending a Long Command Line Argument

SecurityTracker Alert ID: 1008026
CVE Reference: CAN-2003-0895
Date: Oct 28 2003
Impact: Denial of service via local system
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: @Stake - L0pht
Version(s): 10.2.8 and prior versions

Description: A buffer overflow vulnerability was reported in the Mac OS X operating system. A local user can cause the kernel to crash.

@stake reported that a local user can supply a long command line argument to trigger the flaw. In addition to causing a kernel crash, it is reported that a local user may be able to view small portions of kernel memory. According to the report, the overflow will not be logged.

The report indicates that it may be possible in some cases for this vulnerability to be exploited by a remote user if a network-based application spawns a process using user-supplied input.

Impact: A local user can cause the kernel to crash.

Solution: The vendor has released a fixed version of Mac OS X (10.3). For more information, see:
http://www.apple.com/macosx/

Vendor URL: www.apple.com/
Cause: Boundary error, Exception handling error
Underlying OS: UNIX (Mac OS X)
Reported By: "@stake Advisories" <advisories@atstake.com>

Message History:
None.