CVE-2009-1235

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
applemac_os_x
𝑥
≤ 10.5.6
applemac_os_x
10.0
applemac_os_x
10.0.0
applemac_os_x
10.0.1
applemac_os_x
10.0.2
applemac_os_x
10.0.3
applemac_os_x
10.0.4
applemac_os_x
10.1
applemac_os_x
10.1.0
applemac_os_x
10.1.1
applemac_os_x
10.1.2
applemac_os_x
10.1.3
applemac_os_x
10.1.4
applemac_os_x
10.1.5
applemac_os_x
10.2
applemac_os_x
10.2.0
applemac_os_x
10.2.1
applemac_os_x
10.2.2
applemac_os_x
10.2.3
applemac_os_x
10.2.4
applemac_os_x
10.2.5
applemac_os_x
10.2.6
applemac_os_x
10.2.7
applemac_os_x
10.2.8
applemac_os_x
10.3
applemac_os_x
10.3.0
applemac_os_x
10.3.1
applemac_os_x
10.3.2
applemac_os_x
10.3.3
applemac_os_x
10.3.4
applemac_os_x
10.3.5
applemac_os_x
10.3.6
applemac_os_x
10.3.7
applemac_os_x
10.3.8
applemac_os_x
10.3.9
applemac_os_x
10.4
applemac_os_x
10.4.0
applemac_os_x
10.4.1
applemac_os_x
10.4.2
applemac_os_x
10.4.3
applemac_os_x
10.4.4
applemac_os_x
10.4.5
applemac_os_x
10.4.6
applemac_os_x
10.4.7
applemac_os_x
10.4.8
applemac_os_x
10.4.8
applemac_os_x
10.4.8
applemac_os_x
10.4.8
applemac_os_x
10.4.9
applemac_os_x
10.4.10
applemac_os_x
10.4.11
applemac_os_x
10.5
applemac_os_x
10.5.0
applemac_os_x
10.5.1
applemac_os_x
10.5.2
applemac_os_x
10.5.2:2008-002
applemac_os_x
10.5.3
applemac_os_x
10.5.4
applemac_os_x
10.5.5
applemac_os_x_server
𝑥
≤ 10.5.6
applemac_os_x_server
10.0
applemac_os_x_server
10.0.0
applemac_os_x_server
10.0.1
applemac_os_x_server
10.0.2
applemac_os_x_server
10.0.3
applemac_os_x_server
10.0.4
applemac_os_x_server
10.1
applemac_os_x_server
10.1.0
applemac_os_x_server
10.1.1
applemac_os_x_server
10.1.2
applemac_os_x_server
10.1.3
applemac_os_x_server
10.1.4
applemac_os_x_server
10.1.5
applemac_os_x_server
10.2
applemac_os_x_server
10.2.0
applemac_os_x_server
10.2.1
applemac_os_x_server
10.2.2
applemac_os_x_server
10.2.3
applemac_os_x_server
10.2.4
applemac_os_x_server
10.2.5
applemac_os_x_server
10.2.6
applemac_os_x_server
10.2.7
applemac_os_x_server
10.2.8
applemac_os_x_server
10.3
applemac_os_x_server
10.3.0
applemac_os_x_server
10.3.1
applemac_os_x_server
10.3.2
applemac_os_x_server
10.3.3
applemac_os_x_server
10.3.4
applemac_os_x_server
10.3.5
applemac_os_x_server
10.3.6
applemac_os_x_server
10.3.7
applemac_os_x_server
10.3.8
applemac_os_x_server
10.3.9
applemac_os_x_server
10.4
applemac_os_x_server
10.4.0
applemac_os_x_server
10.4.1
applemac_os_x_server
10.4.2
applemac_os_x_server
10.4.3
applemac_os_x_server
10.4.4
applemac_os_x_server
10.4.5
applemac_os_x_server
10.4.6
applemac_os_x_server
10.4.7
applemac_os_x_server
10.4.8
applemac_os_x_server
10.4.9
applemac_os_x_server
10.4.10
applemac_os_x_server
10.4.11
applemac_os_x_server
10.5
applemac_os_x_server
10.5.0
applemac_os_x_server
10.5.1
applemac_os_x_server
10.5.2
applemac_os_x_server
10.5.3
applemac_os_x_server
10.5.4
applemac_os_x_server
10.5.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://secunia.com/advisories/34424
http://secunia.com/advisories/36096
http://support.apple.com/kb/HT3757
http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c
http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181
http://www.securityfocus.com/bid/34203
http://www.securitytracker.com/id?1022671
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
http://www.vupen.com/english/advisories/2009/0822
http://www.vupen.com/english/advisories/2009/2172
https://www.exploit-db.com/exploits/8266
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://secunia.com/advisories/34424
http://secunia.com/advisories/36096
http://support.apple.com/kb/HT3757
http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c
http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181
http://www.securityfocus.com/bid/34203
http://www.securitytracker.com/id?1022671
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
http://www.vupen.com/english/advisories/2009/0822
http://www.vupen.com/english/advisories/2009/2172
https://www.exploit-db.com/exploits/8266