Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6359

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2007-6359
Last Modified 07 Mar 2011 10:02:32
Published 14 Dec 2007 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6359

Summary

The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.5.1


References

CERT - TA08-150A

XF - macosx-csvalidatepage-dos(38997)

VUPEN - ADV-2008-1697

VUPEN - ADV-2007-4216

BID - 26840

SECUNIA - 28048

MISC - http://digit-labs.org/files/exploits/xnu-superblob-dos.c

SECUNIA - 30430

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:46:28