Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4392: OpenStep vulnerability

4 documents, 3 sources
Severity: 7.2 HIGH (NVD)
EPSS: 1.0% (top 22.85%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Oct 3
Latest update: May 1

Description

The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (2 packages)

NVD: next/openstep 4.1
NVD: apple/mac_os_x, 8 versions (+7)

Patches

🔴 Vulnerability Details (1)

GHSA: GHSA-2h8f-c5j4-6pq8: The Mach kernel, as used in operating systems including (1) Mac OS X 10… (2022-05-01)

💥 Exploits & PoCs (2)

Exploit-DB: Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x) (2006-09-30)
Exploit-DB: Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation (2006-09-30)