Vulnerabilities > CVE-2006-4392 - Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 8 | |
| OS | 1 |
Exploit-Db
| description | Mac OS X. CVE-2006-4392. Local exploit for osx platform |
| id | EDB-ID:2464 |
| last seen | 2016-01-31 |
| modified | 2006-09-30 |
| published | 2006-09-30 |
| reporter | Kevin Finisterre |
| source | https://www.exploit-db.com/download/2464/ |
| title | Mac OS X <= 10.4.7 - Mach Exception Handling Local Exploit 10.3.x 0day |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_4_8.NASL description The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager last seen 2020-06-01 modified 2020-06-02 plugin id 22476 published 2006-09-29 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22476 title Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(22476); script_version ("1.18"); if ( NASL_LEVEL >= 3000 ) script_cve_id("CVE-2006-4390", "CVE-2006-3311", "CVE-2006-3587", "CVE-2006-3588", "CVE-2006-4640", "CVE-2006-4391", "CVE-2006-4392", "CVE-2006-4397", "CVE-2006-4393", "CVE-2006-4394", "CVE-2006-4387", "CVE-2006-4395", "CVE-2006-1721", "CVE-2006-3946", "CVE-2006-4399"); script_bugtraq_id(20271); if ( NASL_LEVEL >= 3000 ) { # nb: 29275 is invalid } script_name(english:"Mac OS X 10.4.x < 10.4.8 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.8. Mac OS X 10.4.8 contains several security fixes for the following programs : - CFNetwork - Flash Player - ImageIO - Kernel - LoginWindow - Preferences - QuickDraw Manager - SASL - WebCore - Workgroup Manager" ); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=304460" ); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X 10.4.8 : http://www.apple.com/support/downloads/macosx1048updateintel.html http://www.apple.com/support/downloads/macosx1048updateppc.html http://www.apple.com/support/downloads/macosxserver1048update.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(264); script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/29"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/04/07"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"patch_publication_date", value: "2006/11/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the version of Mac OS X"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl","mdns.nasl", "ntp_open.nasl"); #script_require_keys("Host/MacOSX/packages"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if ( ! os ) os = get_kb_item("mDNS/os"); if ( ! os ) exit(0); if ( ereg(pattern:"Mac OS X 10\.4($|\.[1-7]([^0-9]|$))", string:os)) security_hole(0);NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2006-006.NASL description The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore last seen 2020-06-01 modified 2020-06-02 plugin id 22479 published 2006-09-29 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22479 title Mac OS X Multiple Vulnerabilities (Security Update 2006-006) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(22479); script_version ("1.18"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2006-1721", "CVE-2006-3311", "CVE-2006-3587", "CVE-2006-3588", "CVE-2006-3946", "CVE-2006-4387", "CVE-2006-4390", "CVE-2006-4391", "CVE-2006-4392", "CVE-2006-4393", "CVE-2006-4394", "CVE-2006-4395", "CVE-2006-4397", "CVE-2006-4399", "CVE-2006-4640"); script_bugtraq_id(20271); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2006-006)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.3 which does not have the security update 2006-006 applied. Security Update 2006-006 contains several security fixes for the following programs : - CFNetwork - Flash Player - QuickDraw Manager - SASL - WebCore" ); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X 10.4.8 : http://www.apple.com/support/downloads/macosx1048updateintel.html http://www.apple.com/support/downloads/macosx1048updateppc.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(264); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=304460" ); script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/29"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/07/31"); script_set_attribute(attribute:"patch_publication_date", value: "2006/09/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the version of Mac OS X"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl","mdns.nasl", "ntp_open.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* 7\.[0-9]\.", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2006-00[67]|2007-003)", string:packages)) security_hole(0); }
Seebug
bulletinFamily exploit description No description provided by source. id SSV:16587 last seen 2017-11-19 modified 2006-09-30 published 2006-09-30 reporter Root source https://www.seebug.org/vuldb/ssvid-16587 title Mac OS X <= 10.4.7 Mach Exception Handling Local Exploit (10.3.x 0day) bulletinFamily exploit description No description provided by source. id SSV:64045 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-64045 title Mac OS X <= 10.4.7 - Mach Exception Handling Local Exploit (10.3.x 0day)
References
- http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
- http://secunia.com/advisories/22187
- http://securityreason.com/securityalert/1663
- http://securitytracker.com/id?1016954
- http://www.kb.cert.org/vuls/id/838404
- http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/
- http://www.osvdb.org/29269
- http://www.securityfocus.com/archive/1/447396/100/0/threaded
- http://www.securityfocus.com/bid/20271
- http://www.us-cert.gov/cas/techalerts/TA06-275A.html
- http://www.vupen.com/english/advisories/2006/3852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29281