ID CVE-2007-6359
Summary The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
apple APPLE-SA-2008-05-28
bid 26840
cert TA08-150A
misc http://digit-labs.org/files/exploits/xnu-superblob-dos.c
secunia
  • 28048
  • 30430
vupen
  • ADV-2007-4216
  • ADV-2008-1697
xf macosx-csvalidatepage-dos(38997)
Last major update 08-08-2017 - 01:29
Published 15-12-2007 - 01:46
Last modified 08-08-2017 - 01:29
Back to Top