CVE-2009-1235 : XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.

Published 2009-04-02 17:30:00

Updated 2017-09-29 01:34:15

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2009-1235

Top countries where our scanners detected CVE-2009-1235

Top open port discovered on systems with this issue 548

IPs affected by CVE-2009-1235 37

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2009-1235!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2009-1235

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1235

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1235

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1235

http://support.apple.com/kb/HT3757

About the security content of Security Update 2009-003 / Mac OS X v10.5.8 - Apple Support

CVEs referencing this url
http://www.securitytracker.com/id?1022671
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/2172

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh

Exploit
http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c

Exploit
http://www.us-cert.gov/cas/techalerts/TA09-218A.html

Apple Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
http://www.securityfocus.com/bid/34203

Exploit
https://www.exploit-db.com/exploits/8266
http://www.vupen.com/english/advisories/2009/0822

Vendor Advisory
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181

CVEs referencing this url

Products affected by CVE-2009-1235

Apple » Mac Os X
Versions up to, including, (<=) 10.5.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.9
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0
cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.1
cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.2
cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.3
cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.4
cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1
cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.3
cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.5
cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.1
cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.2
cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.4
cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2
cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.1
cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.2
cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.3
cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.4
cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.7
cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.8
cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.5
cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.6
cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.1
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.2
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.3
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.9
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.4
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.5
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.6
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.7
cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.8
cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.1
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.2
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.4
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.5
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.3
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.6
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.7
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.8
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.8 Mac Mini Edition
cpe:2.3:o:apple:mac_os_x:10.4.8:*:mac_mini:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.8 Macbook Edition
cpe:2.3:o:apple:mac_os_x:10.4.8:*:macbook:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.8 Macbook Pro Edition
cpe:2.3:o:apple:mac_os_x:10.4.8:*:macbook_pro:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.10
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.5
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.11
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.0
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.4.0
cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.3
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.4
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.1
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.2
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.2 Update 2008-002
cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.0
cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.0
cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.0
cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.0
cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server
Versions up to, including, (<=) 10.5.6
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2
cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.0
cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.1
cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.3
cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.2
cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.4
cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.6
cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.5
cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3
cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.8
cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.1
cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.2
cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.7
cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.3
cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1.5
cpe:2.3:o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1
cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1.1
cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1.2
cpe:2.3:o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1.3
cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1.4
cpe:2.3:o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.4
cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.5
cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.6
cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.8
cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.9
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.7
cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4
cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.1
cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.2
cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.3
cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.4
cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.5
cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.6
cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.7
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.8
cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.9
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.11
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.10
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.0
cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5
cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.1
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.2
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.3
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.4
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.0
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.5
cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.1.0
cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.0
cpe:2.3:o:apple:mac_os_x_server:10.3.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.0.2
cpe:2.3:o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.0.3
cpe:2.3:o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.0.4
cpe:2.3:o:apple:mac_os_x_server:10.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.0
cpe:2.3:o:apple:mac_os_x_server:10.2.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.0.0
cpe:2.3:o:apple:mac_os_x_server:10.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.0.1
cpe:2.3:o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*
Matching versions

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!