
SANS ISC InfoSec Handlers Diary Blog



PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability

Published: 2010-01-12
Last Updated: 2011-02-08 23:48:03 UTC
by Adrien de Beaupre (Version: 1)

Proof-of-concept code exploiting the libc strtod(3) buffer overflow vulnerability (CVE-2009-0689) in MacOS X 10.5/10.6 has been released. Besides MacOS X 10.5/10.6, the list of vulnerable software includes FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products. Impact includes Denial of Service (DoS) or execution of arbitrary code. The vulnerability is remotely or locally exploitable, and does not require user interaction.


From NVD:
CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Provides unauthorized access; allows partial confidentiality, integrity, and availability violation; allows unauthorized disclosure of information; allows disruption of service

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
