Vulnerabilities > CVE-2006-5836 - Local Denial of Service vulnerability in Opendarwin Darwin Kernel 8.8.1

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

opendarwin

nessus

exploit available

NVD

Published: 2006-11-10

Updated: 2017-07-20

Summary

The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.

Vulnerable Configurations

Part	Description	Count
OS	Opendarwin Opendarwin Darwin Kernel 8.8.1	1

Exploit-Db

description	Apple Mac OS X 10.x FPathConf System Call Local Denial of Service Vulnerability. CVE-2006-5836. Dos exploit for osx platform
id	EDB-ID:28948
last seen	2016-02-03
modified	2006-11-09
published	2006-11-09
reporter	ilja van sprundel
source	https://www.exploit-db.com/download/28948/
title	Apple Mac OS X 10.x FPathConf System Call Local Denial of Service Vulnerability

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_4_9.NASL
description	The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
last seen	2020-06-01
modified	2020-06-02
plugin id	24811
published	2007-03-13
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24811
title	Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
code	# # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); if ( NASL_LEVEL < 3004 ) exit(0); include("compat.inc"); if(description) { script_id(24811); script_version ("1.29"); script_cve_id("CVE-2007-0719", "CVE-2007-0467", "CVE-2007-0720", "CVE-2007-0721", "CVE-2007-0722", "CVE-2006-6061", "CVE-2006-6062", "CVE-2006-5679", "CVE-2007-0229", "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0723", "CVE-2006-5330", "CVE-2006-0300", "CVE-2006-6097", "CVE-2007-0318", "CVE-2007-0724", "CVE-2007-1071", "CVE-2007-0733", "CVE-2006-5836", "CVE-2006-6129", "CVE-2006-6173", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-3469", "CVE-2006-6130", "CVE-2007-0236", "CVE-2007-0726", "CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2007-0728", "CVE-2007-0588", "CVE-2007-0730", "CVE-2007-0731", "CVE-2007-0463", "CVE-2005-2959", "CVE-2006-4829"); script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948); script_name(english:"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog" ); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305214" ); script_set_attribute(attribute:"solution", value: "Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 : http://www.apple.com/support/downloads/macosxserver1049updateppc.html http://www.apple.com/support/downloads/macosx1049updateintel.html http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html Mac OS X 10.3 : Apply Security Update 2007-003 : http://www.apple.com/support/downloads/securityupdate20070031039client.html http://www.apple.com/support/downloads/securityupdate20070031039server.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 119, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2007/03/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/28"); script_set_attribute(attribute:"patch_publication_date", value: "2007/03/13"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the version of Mac OS X"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if ( ! os ) { os = get_kb_item("Host/OS"); confidence = get_kb_item("Host/OS/Confidence"); if ( confidence <= 90 ) exit(0); } if ( ! os ) exit(0); if ( ereg(pattern:"Mac OS X 10\.4($\|\.[1-8]([^0-9]\|$))", string:os)) security_hole(0); else if ( ereg(pattern:"Mac OS X 10\.3\.", string:os) ) { packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?2007-003", string:packages)) security_hole(0); }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References