4.6
MEDIUM

CVE-2005-0969

Published: 12/05/2005 Updated: 05/09/2008
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

Vulnerability Summary

Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: LOCAL
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor Product Versions
AppleMac Os X10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.1, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8

Mitigation

Administrators are advised to apply the appropriate patch.
Administrators are advised to restrict access to affected systems.
Administrators are advised to remove the syscall emulation functionality.

Exploitation

The fourth vulnerability (CAN-2005-0975) can only be exploited to cause a temporary interruption of service. 
All of these vulnerabilities can only be exploited by an attacker with local system access.  Administrators are advised to limit local system access to trusted users.

References