Info

Disclosure

Jul 14, 2006

Discovery

Unknown

Dates

Exploit

Jul 14, 2006

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker attempts to log in multiple times using a nonexistent account, which causes the process to hang, and will result in loss of availability for the service. This vulnerability could also be leveraged by an attacker to enumerate valid user accounts, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Information Disclosure
Impact: Loss of Confidentiality, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7

References

Security Tracker: 1016672
Bugtraq ID: 19289
CVE ID: 2006-0393 (see also: NVD)
Secunia Advisory ID: 21253
Related OSVDB ID: 27730 27731 27732 27733 27734 27735 27736 27737 27738 27739 27740 27741 27742 27743 27744 27746
ISS X-Force ID: 28147
VUPEN Advisory: ADV-2006-3101
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=304063

Credit

Rob Middleton - Centenary Institute

Direct URL: http://osvdb.org/27745

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit