CVE-2011-0180

Apple Mac OS X <10.6.7 - Info Disclosure

Title source: llm

Description

Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dan Rosenberg · clocalosx

https://www.exploit-db.com/exploits/35488

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

[Patch, Vendor Advisory] http://support.apple.com/kb/HT4581

Scores

EPSS 0.0008

EPSS Percentile 24.1%

Details

CWE

CWE-189

Status published

Products (14)

apple/mac_os_x 10.6.0

apple/mac_os_x 10.6.1

apple/mac_os_x 10.6.2

apple/mac_os_x 10.6.3

apple/mac_os_x 10.6.4

apple/mac_os_x 10.6.5

apple/mac_os_x < 10.6.6

apple/mac_os_x_server 10.6.0

apple/mac_os_x_server 10.6.1

apple/mac_os_x_server 10.6.2

... and 4 more

Published Mar 23, 2011

Tracked Since Feb 18, 2026