Info

Disclosure

Sep 27, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the exception handling mechanism for a privileged program is subverted by a local user who has access to the privileged program, such as a SUID binary. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 10.4.8 or higher, as it has been reported to fix this vulnerability. Apple has also supplied Security Update 2006-006 for Mac OS 10.3.9. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.	Mac OS X	10.3
		10.4
		10.4.8

References

CVE ID: 2006-4392 (see also: NVD)
Secunia Advisory ID: 22187
Related OSVDB ID: 29267 29268 29270 29271 29272 29273 29274 29275 29276
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0505.html
Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460
Other Advisory URL: http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/

Credit

Dino Dai Zovi - Matasano Security

Direct URL: http://osvdb.org/29269

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit