CVE-2006-5836 - The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple

CVE-2006-5836

Summary

The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.

References

Vulnerable Configurations

cpe:2.3:o:opendarwin:darwin_kernel:8.8.1:*:*:*:*:*:*:*
cpe:2.3:o:opendarwin:darwin_kernel:8.8.1:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 20-07-2017 - 01:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

apple	APPLE-SA-2007-03-13
bid	20982
cert	TA07-072A
confirm	http://docs.info.apple.com/article.html?artnum=305214
misc	http://projects.info-pull.com/mokb/MOKB-09-11-2006.html
osvdb	30216
sectrack	1017751
secunia	22808 24479
vupen	ADV-2006-4448 ADV-2007-0930
xf	macosx-fpathconf-dos(30152)

Last major update

20-07-2017 - 01:34

Published

10-11-2006 - 01:07

Last modified

20-07-2017 - 01:34