CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 3CVE-2009-1238 – Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-1238
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. Condición de carrera en el interfaz HFS vfs sysctl en XNU v1228.8.20 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios locales producir una denegación de servicio (corrupción de la memoria del kernel) mediante la ejecucion simultanea de la ruta de código HFS_SET_PKG_EXTENSIONS en múltiples lineas de ejecución, lo cual es problemático debido a la ausencia de bloqueo de mutex para una variable inespecífica global. • https://www.exploit-db.com/exploits/8265 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-vfssysctl-dos.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34202 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 8%CPEs: 114EXPL: 3CVE-2009-1236 – Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1236
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. Desbordamiento de búfer basado en pila en AppleTalk networking stack en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 permite a atacantes remotos producir una denegación de servicio (caída del sistema) a través de un paquete NOTIFY (también conocido como ZIPOP_NOTIFY) que sobrescribe miembro de estructura ifPort. • https://www.exploit-db.com/exploits/8262 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0017
https://notcve.org/view.php?id=CVE-2009-0017
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. csregprinter en el componente Printing de Apple Mac OS X v10.4.11 y v10.5.6, no maneja adecuadamente las condiciones de error, esto permite a usuarios locales ejecutar código de su elección a través de vectores desconocidos que provocan un desbordamiento del búfer basado en montículo. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33811 http://www.vupen.com/english/advisories/2009/0422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0013
https://notcve.org/view.php?id=CVE-2009-0013
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. dscl en DS Tools den Apple Mac OS X v10.4.11 y v10.5.6, requiere que la contraseña sea proporcionada como argumentos de la línea de comandos, esto permite a usuarios locales ganar privilegios al listar información de los procesos. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021722.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33815 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48717 • CWE-255: Credentials Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-0009
https://notcve.org/view.php?id=CVE-2009-0009
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. Vulnerabilidad no especificada en Pixlet codec en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y posiblemente una ejecución arbitraria de código a través de archivos de vídeo manipuladas que lanzan una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://osvdb.org/51980 http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021718.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48713 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •