CVE-2008-4219

The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html	Vendor Advisory
http://secunia.com/advisories/33179	Vendor Advisory
http://support.apple.com/kb/HT3338	Vendor Advisory
http://www.securityfocus.com/bid/32839
http://www.securityfocus.com/bid/32873
http://www.securitytracker.com/id?1021404
http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3444

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.4:::::::*

History

No history.

Information

Published : 2008-12-17 01:30

Updated : 2011-03-08 03:12

NVD link : CVE-2008-4219

Mitre link : CVE-2008-4219

CVE.ORG link : CVE-2008-4219

JSON object : View

Products Affected

apple

mac_os_x
mac_os_x_server

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2008-4219", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-17T01:30:00.343", "references": [{"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33179", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3338", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32839", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32873", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021404", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3444", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application."}, {"lang": "es", "value": "El n\u00facleo en Apple Mac OS X versiones anteriores a 10.5.6 permite a usuarios locales provocar una denegaci\u00f3n de servicio (bucle infinito y parada del sistema) mediante la ejecuci\u00f3n de una aplicaci\u00f3n que est\u00e1 din\u00e1micamente enlazada a librebr\u00edas en un servidor NFS, relacionado con la aparici\u00f3n de una excepci\u00f3n es esta aplicaci\u00f3n."}], "lastModified": "2011-03-08T03:12:08.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E75D6FCB-40E7-4A52-A4CC-CB99C64FA319", "versionEndIncluding": "10.5.5"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59451C51-8DF8-40AB-8B57-40FD70E69DB8", "versionEndIncluding": "10.5.5"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3B7DEC3-1C0B-4D13-98CD-CB7FAE7933B0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7723A9E8-1DE2-4C7D-81E6-4F79DCB09324"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}