Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: xnu vulnerability question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xnu vulnerability question

Subject: Re: xnu vulnerability question
From: Finlay Dobbie <email@hidden>
Date: Wed, 25 Feb 2009 21:24:54 +0000

On Wed, Feb 25, 2009 at 8:39 PM, Jaime Magiera
<email@hidden> wrote:
> Hey folks,
>
> I just came across this...
>
> http://www.milw0rm.com/exploits/8108
>
> Did 10.5.6 or any of the security updates patch this? I notice the current
> xnu is 1228.9.59.

http://support.apple.com/kb/HT3338

About the security content of Security Update 2008-008 / Mac OS X v10.5.6

Kernel

CVE-ID: CVE-2008-4218

Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5
through v10.5.5

Impact: A local user may obtain system privileges

Description: Integer overflow issues exist within the i386_set_ldt and
i386_get_ldt system calls, which may allow a local user to execute
arbitrary code with system privileges. This update addresses the
issues through improved bounds checking. These issues do not affect
PowerPC systems. Credit to Richard Vaneeden of IOActive, Inc. for
reporting these issues.

 -- Finlay
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: xnu vulnerability question
  - From: Jaime Magiera <email@hidden>

References:
	>xnu vulnerability question (From: Jaime Magiera <email@hidden>)

Prev by Date: Re: Some questions about DirectoryServices
Next by Date: Re: Total Physical Memory
Previous by thread: xnu vulnerability question
Next by thread: Re: xnu vulnerability question
Index(es):
- Date
- Thread