vendor: Mac OS X
by: Maksymilian Arciemowicz
CVSS: 7.5 (HIGH)
HFS+ Hard Links Vulnerability
CWE: Unknown
Product Name: Mac OS X
Affected Version From: 10.5
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2013-6799
CPE: o:apple:mac_os_x
Platforms Tested: Mac OS X
2013
MacOSX/XNU HFS Multiple Vulnerabilities
The HFS+ file system does not apply strict privilege rules when hard links are created. Support for hard links to directories is implemented incorrectly, and the issue affects OS versions 10.5 and later. The vulnerability allows creating a large number of hard links to directories, potentially leading to a kernel crash when commands such as 'ls' or 'find' are executed. The exploit code can be found at http://cert.cx/stuff/l2.c.
Mitigation:
Apply patches provided by Apple.