Published: 02/04/2009 Updated: 29/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and previous versions on Apple Mac OS X 10.5.6 and previous versions allows remote malicious users to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x 10.0
apple mac os x 10.1.0
apple mac os x 10.1.1
apple mac os x 10.1.2
apple mac os x 10.2.2
apple mac os x 10.2.3
apple mac os x 10.3.0
apple mac os x 10.3.1
apple mac os x 10.3.8
apple mac os x 10.3.9
apple mac os x 10.4
apple mac os x 10.4.4
apple mac os x 10.4.5
apple mac os x 10.4.9
apple mac os x 10.5
apple mac os x
apple mac os x server 10.0
apple mac os x server 10.1.0
apple mac os x server 10.1.1
apple mac os x server 10.2.1
apple mac os x server 10.2.2
apple mac os x server 10.3.0
apple mac os x server 10.3.1
apple mac os x server 10.3.8
apple mac os x server 10.3.9
apple mac os x server 10.4.3
apple mac os x server 10.4.4
apple mac os x server 10.5.1
apple mac os x server 10.5.2
apple mac os x 10.0.2
apple mac os x 10.0.3
apple mac os x 10.1.5
apple mac os x 10.2
apple mac os x 10.2.6
apple mac os x 10.2.7
apple mac os x 10.3.4
apple mac os x 10.3.5
apple mac os x 10.4.10
apple mac os x 10.4.11
apple mac os x 10.4.8
apple mac os x 10.5.2
apple mac os x server 10.0.2
apple mac os x server 10.0.3
apple mac os x server 10.1.4
apple mac os x server 10.1.5
apple mac os x server 10.2.5
apple mac os x server 10.2.6
apple mac os x server 10.2.7
apple mac os x server 10.3.4
apple mac os x server 10.3.5
apple mac os x server 10.4.1
apple mac os x server 10.4.10
apple mac os x server 10.4.8
apple mac os x server 10.4.9
apple mac os x server 10.5.5
apple mac os x server
apple mac os x 10.0.0
apple mac os x 10.0.1
apple mac os x 10.1.3
apple mac os x 10.1.4
apple mac os x 10.2.4
apple mac os x 10.2.5
apple mac os x 10.3.2
apple mac os x 10.3.3
apple mac os x 10.4.0
apple mac os x 10.4.1
apple mac os x 10.4.6
apple mac os x 10.4.7
apple mac os x 10.5.0
apple mac os x 10.5.1
apple mac os x server 10.0.0
apple mac os x server 10.0.1
apple mac os x server 10.1.2
apple mac os x server 10.1.3
apple mac os x server 10.2.3
apple mac os x server 10.2.4
apple mac os x server 10.3.2
apple mac os x server 10.3.3
apple mac os x server 10.4
apple mac os x server 10.4.0
apple mac os x server 10.4.5
apple mac os x server 10.4.6
apple mac os x server 10.4.7
apple mac os x server 10.5.3
apple mac os x server 10.5.4
apple mac os x 10.0.4
apple mac os x 10.1
apple mac os x 10.2.0
apple mac os x 10.2.1
apple mac os x 10.2.8
apple mac os x 10.3
apple mac os x 10.3.6
apple mac os x 10.3.7
apple mac os x 10.4.2
apple mac os x 10.4.3
apple mac os x 10.5.3
apple mac os x 10.5.4
apple mac os x 10.5.5
apple mac os x server 10.0.4
apple mac os x server 10.1
apple mac os x server 10.2
apple mac os x server 10.2.0
apple mac os x server 10.2.8
apple mac os x server 10.3
apple mac os x server 10.3.6
apple mac os x server 10.3.7
apple mac os x server 10.4.11
apple mac os x server 10.4.2
apple mac os x server 10.5
apple mac os x server 10.5.0

/* xnu-appletalk-zipc * * Copyright (c) 2008 by <mu-b@digit-labsorg> * * Apple MACOS X xnu <= 1228313 appletalk zip-notify remote kernel overflow PoC * by mu-b - Sun 13 Apr 2008 * * - Tested on: Apple MACOS X 1051 (xnu-122802~1/RELEASE_I386) * Apple MACOS X 1052 (xnu-1228313~1/RELEASE_I386) * * Compile: g ...

CWE-119 http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c http://www.securityfocus.com/bid/34201 http://secunia.com/advisories/34424 https://www.exploit-db.com/exploits/8262 https://nvd.nist.gov https://www.exploit-db.com/exploits/8262/

Get Started

CVE-2009-1236

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect