PT-2008-2593 · Apple · Macos X

Published

2008-03-18

Updated

2017-08-08

CVE-2008-0990

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apple Mac OS X version 10.4.11

Description The issue concerns a problem where notifyd in Apple Mac OS X does not verify the origin of Mach port death notifications. This allows local users to cause a denial of service by sending spoofed death notifications, which in turn prevents other applications from receiving notifications.

Recommendations For Apple Mac OS X version 10.4.11, consider restricting access to the Mach port death notifications until a fix is available. As a temporary workaround, disabling the reception of death notifications from unverified sources may help minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-0990

Affected Products

Macos X

PT-2008-2593 · Apple · Macos X

CVE-2008-0990

Weakness Enumeration

Related Identifiers

Affected Products

References · 10