A vulnerability in the Mac OS X kernel could allow an authenticated local attacker to cause a denial of service.
The fpathconf() system call provides a method for applications to determine the current value of a configurable system limit or option variable associated with a file descriptor. The version of fpathconf() provided with the Apple Mac OS X kernel (XNU) is programmed to panic when it is passed file descriptors associated with types it cannot otherwise handle, such as semaphore descriptors returned by the sem_open() system call for named semaphores.
An authenticated local attacker could cause the affected system to crash due to a kernel panic. This condition results in a denial of service.
Apply a patch from the vendor
Apple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. Users are encouraged to review Apple Support Article ID 305214 and apply the appropriate update for their system.
This vulnerability was published by LMH as part of the Month of Kernel Bugs project. Ilja van Sprundel is credited with the discovery of this issue.
This document was written by Chad R Dougherty.
|Date First Published:||2007-03-14|
|Date Last Updated:||2007-07-21 02:54 UTC|