Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0182 — Improper Input Validation in Apple MAC OS X

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.6%

top 30.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMar 23

Latest updateMay 17

Description

The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x10.6.6+6

▶NVDapple/mac_os_x_server10.6.6+6

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-m9f5-5hw3-cc3g: The i386_set_ldt system call in the kernel in Apple Mac OS X before 10↗2022-05-17

▶

CVEList

CVE-2011-0182: The i386_set_ldt system call in the kernel in Apple Mac OS X before 10↗2011-03-23

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)↗2011-09-28

▶

💬Community

Bugzilla

CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import↗2010-11-29

▶