search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media

Vulnerability Note VU#578886

Original Release Date: 2004-02-25 | Last Revised: 2004-03-19

Overview

Apple Mac OS X contains a vulnerability in the way DiskArbitration initializes writable removable media.

Description

The DiskArbitration Server in Apple Mac OS X tracks new disks and provides notifications announcing their availability. There is a non-specific vulnerability identified as CAN-2004-0167 in Apple Security Advisory Update 2004-02-23. This vulnerability is related to initialization of writable removable media (i.e., potentially CD-RW and DVD+RW disks).

Impact

The complete impact of this vulnerability is not yet known.

Solution

Apply Patch

Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Update 2004-02-23).

Vendor Information

578886
 
Expand all

Apple Computer Inc. Affected

Updated:  February 25, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to the Apple Security Advisory.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Apple.

This document was written by Damon Morda.

Other Information

CVE IDs: CVE-2004-0167
Date Public: 2004-02-24
Date First Published: 2004-02-25
Date Last Updated: 2004-03-19 16:55 UTC
Document Revision: 13

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis