Vulnerabilities > CVE-2008-4219 - Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

apple

CWE-399

nessus

NVD

Published: 2008-12-17

Updated: 2011-03-08

Summary

The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.5 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.5 Apple MAC OS X Server 10.5 Apple MAC OS X Server 10.5.1 Apple MAC OS X Server 10.5.2 Apple MAC OS X Server 10.5.3 Apple MAC OS X Server 10.5.4 Apple MAC OS X Server - Apple MAC OS X Server 5.0.2 Apple MAC OS X Server 5.0.3 Apple MAC OS X Server 5.0.14 Apple MAC OS X Server 5.0.15 Apple MAC OS X Server 10.0 Apple MAC OS X Server 10.0.0 Apple MAC OS X Server 10.0.1 Apple MAC OS X Server 10.0.2 Apple MAC OS X Server 10.0.3 Apple MAC OS X Server 10.0.4 Apple MAC OS X Server 10.1 Apple MAC OS X Server 10.1.0 Apple MAC OS X Server 10.1.1 Apple MAC OS X Server 10.1.2 Apple MAC OS X Server 10.1.3 Apple MAC OS X Server 10.1.4 Apple MAC OS X Server 10.1.5 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.0 Apple MAC OS X Server 10.2.1 Apple MAC OS X Server 10.2.2 Apple MAC OS X Server 10.2.3 Apple MAC OS X Server 10.2.4 Apple MAC OS X Server 10.2.5 Apple MAC OS X Server 10.2.6 Apple MAC OS X Server 10.2.7 Apple MAC OS X Server 10.2.8 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.0 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5 Apple MAC OS X Server 10.3.6 Apple MAC OS X Server 10.3.7 Apple MAC OS X Server 10.3.8 Apple MAC OS X Server 10.3.9 Apple MAC OS X Server 10.4 Apple MAC OS X Server 10.4.0 Apple MAC OS X Server 10.4.1 Apple MAC OS X Server 10.4.2 Apple MAC OS X Server 10.4.3 Apple MAC OS X Server 10.4.4 Apple MAC OS X Server 10.4.5 Apple MAC OS X Server 10.4.6 Apple MAC OS X Server 10.4.7 Apple MAC OS X Server 10.4.8 Apple MAC OS X Server 10.4.9 Apple MAC OS X Server 10.4.10 Apple MAC OS X Server 10.4.11 Apple MAC OS X Server 10.5.0 Apple MAC OS X Server 10.5.5	114

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_5_6.NASL
description	The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.6. Mac OS X 10.5.6 contains security fixes for the following products : - ATS - BOM - CoreGraphics - CoreServices - CoreTypes - Flash Player Plug-in - Kernel - Libsystem - Managed Client - network_cmds - Podcast Producer - UDF
last seen	2020-06-01
modified	2020-06-02
plugin id	35111
published	2008-12-16
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35111
title	Mac OS X 10.5.x < 10.5.6 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(35111); script_version("1.21"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2008-1391", "CVE-2008-3170", "CVE-2008-3623", "CVE-2008-4217", "CVE-2008-4218", "CVE-2008-4219", "CVE-2008-4220", "CVE-2008-4221", "CVE-2008-4222", "CVE-2008-4223", "CVE-2008-4224", "CVE-2008-4234", "CVE-2008-4236", "CVE-2008-4237", "CVE-2008-4818", "CVE-2008-4819", "CVE-2008-4820", "CVE-2008-4821", "CVE-2008-4822", "CVE-2008-4823", "CVE-2008-4824" ); script_bugtraq_id( 28479, 30192, 32129, 32291, 32870, 32872, 32873, 32874, 32875, 32876, 32877, 32879, 32880, 32881 ); script_name(english:"Mac OS X 10.5.x < 10.5.6 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.6. Mac OS X 10.5.6 contains security fixes for the following products : - ATS - BOM - CoreGraphics - CoreServices - CoreTypes - Flash Player Plug-in - Kernel - Libsystem - Managed Client - network_cmds - Podcast Producer - UDF" ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3338" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Dec/msg00000.html" ); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X 10.5.6 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 79, 119, 189, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/12/16"); script_set_attribute(attribute:"patch_publication_date", value: "2008/12/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) os = get_kb_item("Host/OS"); if (!os) exit(0); if (ereg(pattern:"Mac OS X 10\.5\.[0-5]([^0-9]\|$)", string:os)) security_hole(0);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References