PT-2006-5196 · Next+1 · Openstep+2

Dino Dai Zovi · Published 2006-10-02 · Updated 2018-10-17 · CVE-2006-4392

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Mach kernel versions used in Mac OS X 10.4 through 10.4.7
Mach kernel versions used in OpenStep before 4.2

Description
The issue allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space. This modification causes the child to call a parent-controlled function.

Recommendations
For Mac OS X 10.4 through 10.4.7, update to a version outside of this range to resolve the issue.
For OpenStep before 4.2, update to version 4.2 or later to resolve the issue.

Related Identifiers

CVE-2006-4392

Affected Products

Mac OS X
Mach Kernel
OpenStep