[Owasp-sydney] Apple Mac OS X UDIF Memory Corruption Vulnerability

Shaon.Diwakar at au.ey.com Shaon.Diwakar at au.ey.com
Wed Nov 22 17:14:51 EST 2006

This email is to be read subject to the disclaimer below.

Yay! Perhaps those CD's labelled "Executive Salaries"  that people keep 
leaving in our foyer will now run on OSX too (complete with a friendly 
'salaries.dmg' image)! 

BTW, Secunia is reporting the problem as more than just a denial of 


LMH has reported a vulnerability in Mac OS X, which potentially can be 
exploited by malicious, local users to gain escalated privileges or by 
malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in 
com.apple.AppleDiskImageController when handling corrupted DMG image 
structures. This can be exploited to cause a memory corruption and may 
allow execution of arbitrary code in kernel-mode.

The vulnerability is reported in a fully patched Mac OS X (2006-11-20). 
Other versions may also be affected.


Full reference here: http://secunia.com/advisories/23012/


Shaon Diwakar
Security & Technology Solutions
Risk Advisory Services
Ernst & Young Australia
Direct:   +61 2 9248 5627
Mobile: +61 424 387 059
Web: http://www.ey.com/au/esecurity

owasp-sydney-bounces at lists.owasp.org wrote on 23/11/2006 07:18:47 AM:

> All email is logged and may be reviewed - Refer policy FP206
> On the OSX topic...
> "Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly
> other versions, allows remote attackers to cause a denial of service
> (crash) via a malformed UDTO HFS+ disk image, such as with "bad
> sectors," which triggers memory corruption."
> http://secunia.com/advisories/23012
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6062
> -- 
> Halans Jean-Jacques
> ================================
> > http://www.halans.be
> > http://del.icio.us/halans
> > http://www.flickr.com/photos/halans/
> > http://www.linkedin.com/in/halans
> ================================
> _______________________________________________
> Owasp-sydney mailing list
> Owasp-sydney at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-sydney

NOTICE - This communication contains information which is confidential and the copyright of Ernst & Young or a third party. 

If you are not the intended recipient of this communication please delete and destroy all copies and telephone Ernst & Young on 1800 655 717 immediately. If you are the intended recipient of this communication you should not copy, disclose  or distribute this communication without the authority of Ernst & Young.

Any views expressed in this Communication are those of the individual sender, except where the sender specifically states them to be the views of Ernst & Young.

Except as required at law, Ernst & Young does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference.

Liability limited by a scheme approved under Professional Standards Legislation.

If this communication is a "commercial electronic message" (as defined in the Spam Act 2003) and you do not wish to receive communications such as this, please forward this communication to unsubscribe at au.ey.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-sydney/attachments/20061123/92bacf09/attachment.html 

More information about the Owasp-sydney mailing list