ID

VAR-200701-0014


CVE

CVE-2007-0229


TITLE

Apple Mac OS X UserNotificationCenter privilege escalation vulnerability

Trust: 0.8

sources: CERT/CC: VU#315856

DESCRIPTION

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service.

The ffs_mountfs function in Mac OS X contains an integer overflow vulnerability. This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images. Failed exploit attempts will result in a denial-of-service condition. If an attacker can trick users into loading a malicious UFS DMG image, a heap overflow will be triggered, resulting in arbitrary code execution.

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24198
VERIFY ADVISORY: http://secunia.com/advisories/24198/
CRITICAL: Highly critical
IMPACT: Privilege escalation, DoS, System access
WHERE: From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) A boundary error exists in Finder, which can be exploited by malicious people to cause a buffer overflow by tricking a user into mounting a malicious disk image.
2) A null-pointer dereference error in iChat Bonjour can be exploited by malicious people to cause the application to crash.
3) A format string error in the handling of AIM URLs in iChat can be exploited by malicious people to possibly execute arbitrary code. Successful exploitation requires that a user is tricked into accessing a specially crafted AIM URL.
For more information: SA23846

SOLUTION: Apply Security Update 2007-002:
Security Update 2007-002 (10.4.8 Universal): http://www.apple.com/support/downloads/securityupdate2007002universal.html
Security Update 2007-002 (10.4.8 PPC): http://www.apple.com/support/downloads/securityupdate2007002ppc.html
Security Update 2007-002 (10.3.9 Panther): http://www.apple.com/support/downloads/securityupdate2007002panther.html

PROVIDED AND/OR DISCOVERED BY:
1) Kevin Finisterre, DigitalMunition
3) LMH

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305102

OTHER REFERENCES:
MOAB:
1) http://projects.info-pull.com/moab/MOAB-09-01-2007.html
3) http://projects.info-pull.com/moab/MOAB-20-01-2007.html
SA23846: http://secunia.com/advisories/23846/
SA23945: http://secunia.com/advisories/23945/

Trust: 5.67

sources: NVD: CVE-2007-0229 // CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // JVNDB: JVNDB-2007-001380 // BID: 21993 // VULHUB: VHN-23591 // PACKETSTORM: 54480

AFFECTED PRODUCTS

vendor: apple computer | model: - | scope: - | version: -

Trust: 4.0

vendor: apple | model: mac os x | scope: eq | version: 10.4.8

Trust: 2.4

vendor: apple | model: mac os x server | scope: eq | version: 10.4.8

Trust: 1.6

vendor: freebsd | model: freebsd | scope: eq | version: 6.1

Trust: 1.0

vendor: freebsd | model: freebsd | scope: eq | version: 5.3 6.1

Trust: 0.8

vendor: freebsd | model: -release | scope: eq | version: 6.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.4.8

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.4.8

Trust: 0.3

vendor: apple | model: mac os server | scope: ne | version: x10.4.9

Trust: 0.3

vendor: apple | model: mac os | scope: ne | version: x10.4.9

Trust: 0.3

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // BID: 21993 // JVNDB: JVNDB-2007-001380 // CNNVD: CNNVD-200701-151 // NVD: CVE-2007-0229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0229
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#315856
value: 1.49

Trust: 0.8

CARNEGIE MELLON: VU#515792
value: 7.01

Trust: 0.8

CARNEGIE MELLON: VU#240880
value: 10.29

Trust: 0.8

CARNEGIE MELLON: VU#794752
value: 11.85

Trust: 0.8

CARNEGIE MELLON: VU#836024
value: 2.48

Trust: 0.8

NVD: CVE-2007-0229
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-151
value: HIGH

Trust: 0.6

VULHUB: VHN-23591
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0229
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23591
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // VULHUB: VHN-23591 // JVNDB: JVNDB-2007-001380 // CNNVD: CNNVD-200701-151 // NVD: CVE-2007-0229

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-23591 // JVNDB: JVNDB-2007-001380 // NVD: CVE-2007-0229

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200701-151

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200701-151

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001380

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23591

PATCH

title: APPLE-SA-2007-03-13 | url: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Trust: 0.8

title: MOAB advisories | url: http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001380

EXTERNAL IDS

db: SECUNIA | id: 24198

Trust: 3.3

db: NVD | id: CVE-2007-0229

Trust: 2.8

db: SECUNIA | id: 24479

Trust: 2.5

db: USCERT | id: TA07-072A

Trust: 2.5

db: BID | id: 21993

Trust: 2.0

db: OSVDB | id: 32684

Trust: 1.7

db: VUPEN | id: ADV-2007-0930

Trust: 1.7

db: VUPEN | id: ADV-2007-0141

Trust: 1.7

db: SECUNIA | id: 23703

Trust: 1.7

db: SECTRACK | id: 1017751

Trust: 1.7

db: BID | id: 21980

Trust: 1.6

db: CERT/CC | id: VU#515792

Trust: 1.6

db: SECTRACK | id: 1017661

Trust: 1.6

db: SECUNIA | id: 23846

Trust: 0.8

db: BID | id: 22188

Trust: 0.8

db: CERT/CC | id: VU#315856

Trust: 0.8

db: SECUNIA | id: 23725

Trust: 0.8

db: SECTRACK | id: 1017662

Trust: 0.8

db: CERT/CC | id: VU#240880

Trust: 0.8

db: BID | id: 22146

Trust: 0.8

db: CERT/CC | id: VU#794752

Trust: 0.8

db: SECUNIA | id: 23945

Trust: 0.8

db: BID | id: 22304

Trust: 0.8

db: CERT/CC | id: VU#836024

Trust: 0.8

db: JVNDB | id: JVNDB-2007-001380

Trust: 0.8

db: CNNVD | id: CNNVD-200701-151

Trust: 0.7

db: APPLE | id: APPLE-SA-2007-03-13

Trust: 0.6

db: XF | id: 31409

Trust: 0.6

db: MLIST | id: [FREEBSD-SECURITY] 20070114 MOAB ADVISORIES

Trust: 0.6

db: CERT/CC | id: TA07-072A

Trust: 0.6

db: EXPLOIT-DB | id: 29441

Trust: 0.1

db: SEEBUG | id: SSVID-82947

Trust: 0.1

db: VULHUB | id: VHN-23591

Trust: 0.1

db: PACKETSTORM | id: 54480

Trust: 0.1

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // VULHUB: VHN-23591 // BID: 21993 // JVNDB: JVNDB-2007-001380 // PACKETSTORM: 54480 // CNNVD: CNNVD-200701-151 // NVD: CVE-2007-0229

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=305102

Trust: 3.3

url:http://secunia.com/advisories/24198/

Trust: 3.3

url:http://docs.info.apple.com/article.html?artnum=305214

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta07-072a.html

Trust: 2.5

url:http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/bid/21993

Trust: 1.7

url:http://projects.info-pull.com/moab/moab-10-01-2007.html

Trust: 1.7

url:http://lists.freebsd.org/pipermail/freebsd-security/2007-january/004218.html

Trust: 1.7

url:http://www.osvdb.org/32684

Trust: 1.7

url:http://www.securitytracker.com/id?1017751

Trust: 1.7

url:http://secunia.com/advisories/23703

Trust: 1.7

url:http://secunia.com/advisories/24479

Trust: 1.7

url:http://www.securityfocus.com/bid/21980

Trust: 1.6

url:http://securitytracker.com/alerts/2007/feb/1017661.html

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/0141

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0930

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31409

Trust: 1.1

url:http://secunia.com/advisories/23846/

Trust: 0.9

url:http://projects.info-pull.com/moab/moab-09-01-2007.html

Trust: 0.9

url:http://projects.info-pull.com/moab/moab-20-01-2007.html

Trust: 0.9

url:http://secunia.com/advisories/23945/

Trust: 0.9

url:http://developer.apple.com/documentation/corefoundation/reference/cfusernotificationref/reference/reference.html

Trust: 0.8

url:http://projects.info-pull.com/moab/moab-22-01-2007.html

Trust: 0.8

url:http://www.cocoadev.com/index.pl?inputmanager

Trust: 0.8

url:http://www.securityfocus.com/bid/22188

Trust: 0.8

url:http://projects.info-pull.com/moab/moab-11-01-2007.html

Trust: 0.8

url:http://secunia.com/advisories/23725/

Trust: 0.8

url:http://secunia.com/advisories/24479/

Trust: 0.8

url:http://securitytracker.com/alerts/2007/feb/1017662.html

Trust: 0.8

url:http://www.securityfocus.com/bid/22146

Trust: 0.8

url:http://projects.info-pull.com/moab/moab-29-01-2007.html

Trust: 0.8

url:http://www.apple.com/macosx/features/ichat/

Trust: 0.8

url:http://developer.apple.com/networking/bonjour/index.html

Trust: 0.8

url:http://www.securityfocus.com/bid/22304

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0229

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0229

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/515792

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/31409

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0141

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0930

Trust: 0.6

url:http://www.freebsd.org/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate2007002panther.html

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate2007002ppc.html

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate2007002universal.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // VULHUB: VHN-23591 // BID: 21993 // JVNDB: JVNDB-2007-001380 // PACKETSTORM: 54480 // CNNVD: CNNVD-200701-151 // NVD: CVE-2007-0229

CREDITS

LMH lmh@info-pull.com

Trust: 0.6

sources: CNNVD: CNNVD-200701-151

SOURCES

db: CERT/CC | id: VU#315856
db: CERT/CC | id: VU#515792
db: CERT/CC | id: VU#240880
db: CERT/CC | id: VU#794752
db: CERT/CC | id: VU#836024
db: VULHUB | id: VHN-23591
db: BID | id: 21993
db: JVNDB | id: JVNDB-2007-001380
db: PACKETSTORM | id: 54480
db: CNNVD | id: CNNVD-200701-151
db: NVD | id: CVE-2007-0229

LAST UPDATE DATE

2025-05-03T21:51:16.397000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#315856 | date: 2007-02-19T00:00:00
db: CERT/CC | id: VU#515792 | date: 2007-03-15T00:00:00
db: CERT/CC | id: VU#240880 | date: 2007-02-23T00:00:00
db: CERT/CC | id: VU#794752 | date: 2007-03-05T00:00:00
db: CERT/CC | id: VU#836024 | date: 2007-03-16T00:00:00
db: VULHUB | id: VHN-23591 | date: 2017-07-29T00:00:00
db: BID | id: 21993 | date: 2007-03-14T14:54:00
db: JVNDB | id: JVNDB-2007-001380 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-200701-151 | date: 2007-01-21T00:00:00
db: NVD | id: CVE-2007-0229 | date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC | id: VU#315856 | date: 2007-02-19T00:00:00
db: CERT/CC | id: VU#515792 | date: 2007-03-15T00:00:00
db: CERT/CC | id: VU#240880 | date: 2007-02-16T00:00:00
db: CERT/CC | id: VU#794752 | date: 2007-02-16T00:00:00
db: CERT/CC | id: VU#836024 | date: 2007-02-26T00:00:00
db: VULHUB | id: VHN-23591 | date: 2007-01-13T00:00:00
db: BID | id: 21993 | date: 2007-01-10T00:00:00
db: JVNDB | id: JVNDB-2007-001380 | date: 2012-06-26T00:00:00
db: PACKETSTORM | id: 54480 | date: 2007-02-17T04:12:18
db: CNNVD | id: CNNVD-200701-151 | date: 2007-01-12T00:00:00
db: NVD | id: CVE-2007-0229 | date: 2007-01-13T02:28:00