site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:reply-to:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=6Djsbkrbt0igK9fDqh60Sz+1KwnJ1SimtAiE7/EW2n0=; b=kZ7MCc1WZWeOnLeCH4q7LRUcGs+crekLmLId4/pnDzPI4xXH6S6Kko9N7yi+KvR9+u y9/pKFYXTb/4JzEgUrEhPfbFZsAITUeETItj8+tEI29hLyblmfj3dAzB3bwtffEx2lO6 YZ65t8WJ18ld1PyG877nKCiv6R6F84tArxsXk= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; b=hnan/7Nl4qx1VF4W3NcE1/m1i+esk2LAphVq8oOTNG7xuTDXEGPL2Vc0LYeZaLqO02 VVPmJdIp0IUBjUf1qc0XlFbq9+mNyqgPMIpdRf+lv6MDnyeXq27FUZYTZKKeZuncka3Z ArvLeknp8kt3ezdLin7zTy26iKj/PNz+Mvj2g= On Wed, Feb 25, 2009 at 8:39 PM, Jaime Magiera <jaime@sensoryresearch.net> wrote:
Hey folks,
I just came across this...
http://www.milw0rm.com/exploits/8108
Did 10.5.6 or any of the security updates patch this? I notice the current xnu is 1228.9.59.
http://support.apple.com/kb/HT3338 About the security content of Security Update 2008-008 / Mac OS X v10.5.6 Kernel CVE-ID: CVE-2008-4218 Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5 Impact: A local user may obtain system privileges Description: Integer overflow issues exist within the i386_set_ldt and i386_get_ldt system calls, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect PowerPC systems. Credit to Richard Vaneeden of IOActive, Inc. for reporting these issues. -- Finlay _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com
participants (1)
-
Finlay Dobbie