Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2006 > Apple Security Advisory: APPLE-SA-2006-02-14 - Mac OS X v10.4.5

February 2006

Apple Security Advisory: APPLE-SA-2006-02-14 - Mac OS X v10.4.5

ID: 00135
Ref: 133/2006
Date: 15 February 2006:14:25:51
Version: 1
Title: Apple Security Advisory: APPLE-SA-2006-02-14 - Mac OS X v10.4.5
Abstract: A malicious local user may trigger a system crash by invoking an undocumented system call. This update addresses the issue by removing the system call from the kernel. Credit to David Goldsmith of Matasano for reporting this issue.
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple
Title
=====

Apple Security Advisory: APPLE-SA-2006-02-14 - Mac OS X v10.4.5

Detail
======

A malicious local user may trigger a system crash by
invoking an undocumented system call. This update addresses the
issue by removing the system call from the kernel. Credit to David
Goldsmith of Matasano for reporting this issue.



APPLE-SA-2006-02-14 Mac OS X v10.4.5

Mac OS X v10.4.5 and Mac OS X Server v10.4.5 are now available and
deliver the following security enhancement:

Kernel
CVE-ID: CVE-2006-0382
Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: A malicious local user can cause a system crash
Description: A malicious local user may trigger a system crash by
invoking an undocumented system call. This update addresses the
issue by removing the system call from the kernel. Credit to David
Goldsmith of Matasano for reporting this issue.

Mac OS X v10.4.5 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.4 (PowerPC)
The download file is named: "MacOSXUpd10.4.5PPC.dmg"
Its SHA-1 digest is: c794af16563470fb16610bbaecedb59624a24dee

For Mac OS X v10.4.4 (Intel)
The download file is named: "MacOSXUpd10.4.5Intel.dmg"
Its SHA-1 digest is: 23def8fb52839c008d313c7cd301aa16efbdfd64

For Mac OS X v10.4 through Mac OS X v10.4.3
The download file is named: "MacOSXUpdCombo10.4.5PPC.dmg"
Its SHA-1 digest is: 1e1309d0a37aeb8fb42cf92480d2bba2db3372db

For Mac OS X Server v10.4.4
The download file is named: "MacOSXSvrBaseUpd10.4.5.dmg"
Its SHA-1 digest is: 8922dcf05fa96f034a9be9d47cf150ac628bc707

Information will also be posted to the Apple Product Security
web site: http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |