This is a severe flaw in Mac OS X:

Secunia Advisory: SA23012
Release Date: 2006-11-21
Last Update: 2006-11-23

Critical: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
Solution Status: Unpatched

OS: Apple Macintosh OS X

CVE reference: CVE-2006-6061, CVE-2006-6062


Description:
LMH has reported a vulnerability in Mac OS X, which potentially can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in com.apple.AppleDiskImageController when handling corrupted DMG image structures. This can be exploited to cause a memory corruption and may allow execution of arbitrary code in kernel-mode.

The vulnerability is reported in a fully patched Mac OS X (2006-11-20). Other versions may also be affected.

Solution:
Deactivate the option "opening safe files after downloading" in the preferences and grant only trusted users access to affected systems.

Provided and/or discovered by:
LMH

Changelog:
2006-11-22: Added CVE reference.
2006-11-23: Added link to US-CERT.

Original Advisory:
http://projects.info-pull.com/mokb/MOKB-20-11-2006.html

Other References:
US-CERT VU#367424:
http://www.kb.cert.org/vuls/id/367424