Overview
A vulnerability in the Mac OS X kernel could allow an authenticated local attacker to cause a denial of service.
Description
The fpathconf() system call provides a method for applications to determine the current value of a configurable system limit or option variable associated with a file descriptor. The version of fpathconf() provided with the Apple Mac OS X kernel (XNU) is programmed to panic when it is passed file descriptors associated with types it cannot otherwise handle, such as semaphore descriptors returned by the sem_open() system call for named semaphores. |
Impact
An authenticated local attacker could cause the affected system to crash due to a kernel panic. This condition results in a denial of service. |
Solution
Apply a patch from the vendor Apple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. Users are encouraged to review Apple Support Article ID 305214 and apply the appropriate update for their system. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was published by LMH as part of the Month of Kernel Bugs project. Ilja van Sprundel is credited with the discovery of this issue.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | CVE-2006-5836 |
| Severity Metric: | 5.18 |
| Date Public: | 2006-11-09 |
| Date First Published: | 2007-03-14 |
| Date Last Updated: | 2007-07-21 02:54 UTC |
| Document Revision: | 10 |