Apple Mac OS X 'i386_set_ldt()' Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is installed with Mac OS X and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code with elevated privileges. Impact Level: System

Solution

Upgrade to Mac OS X / Mac OS X Server version 10.6.7 or later, For updates refer to http://support.apple.com/kb/HT4581

Insight

The flaw is due to a privilege checking issue exists in the i386_set_ldt system call, while handling call gates. Which allows local users to gain privileges via vectors involving the creation of a call gate entry.

Affected

Mac OS X version 10.6 through 10.6.6 Mac OS X Server version 10.6 through 10.6.6

References

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://support.apple.com/kb/DL1367
http://support.apple.com/kb/HT4581

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0182

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Silverlight Security Bypass Vulnerability (2932677) (Mac OS X)
Mac OS X Security Update 2009-005
Microsoft Silverlight Remote Code Execution Vulnerability-2814124 (Mac OS X)
Microsoft Office Remote Code Execution Vulnerability-2839571 (Mac OS X)
Java for Mac OS X 10.6 Update 4

Take action and discover your vulnerabilities