CVE-2010-0105 - Vulnerability Details - OpenCVE

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.5.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.4:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://securityreason.com/achievement_securityalert/83
http://support.apple.com/kb/HT4435
http://www.securityfocus.com/bid/39658
http://www.securitytracker.com/id?1024723

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2010-04-27T15:00:00

Updated: 2024-08-07T00:37:53.899Z

Reserved: 2009-12-30T00:00:00

Link: CVE-2010-0105

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-04-27T15:30:01.217

Modified: 2024-11-21T01:11:32.463

Link: CVE-2010-0105

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-17T10:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "1024723", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024723"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "20100423 MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/83"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "39658", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/39658"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2010-0105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1024723", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024723"}, {"name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435"}, {"name": "20100423 MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/83"}, {"name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "39658", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39658"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:37:53.899Z"}, "title": "CVE Program Container", "references": [{"name": "1024723", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024723"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "20100423 MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_SREASONRES", "x_transferred"], "url": "http://securityreason.com/achievement_securityalert/83"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "39658", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/39658"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-0105", "datePublished": "2010-04-27T15:00:00", "dateReserved": "2009-12-30T00:00:00", "dateUpdated": "2024-08-07T00:37:53.899Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C69DEE9-3FA5-408E-AD27-F5E7043F852A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D25D1FD3-C291-492C-83A7-0AFAFAADC98D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B565F77-C310-4B83-B098-22F9489C226C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "546EBFC8-79F0-42C2-9B9A-A76CA3F19470", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "119C8089-8C98-472E-9E9C-1741AA21DD35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component."}, {"lang": "es", "value": "La implementaci\u00f3n de hfs en Apple Mac OS X versi\u00f3n 10.5.8 y versi\u00f3n 10.6.x anterior a 10.6.5, admite enlaces f\u00edsicos en directorios y no impide ciertas estructuras de directorios profundamente anidadas, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n del sistema de archivos) por medio de una aplicaci\u00f3n creada que llama a las funciones mkdir y link, relacionadas con el programa fsck_hfs en el componente diskdev_cmds."}], "id": "CVE-2010-0105", "lastModified": "2024-11-21T01:11:32.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-27T15:30:01.217", "references": [{"source": "cret@cert.org", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://securityreason.com/achievement_securityalert/83"}, {"source": "cret@cert.org", "url": "http://support.apple.com/kb/HT4435"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/39658"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1024723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securityreason.com/achievement_securityalert/83"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/39658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024723"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}