Details of VAR-200701-0156

ID

VAR-200701-0156

CVE

CVE-2007-0299

TITLE

Apple Mac OS X UserNotificationCenter privilege escalation vulnerability

Trust: 0.8

sources: CERT/CC: VU#315856

DESCRIPTION

Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Mac OS X is prone to a denial-of-service vulnerability. This triggers an invalid null pointer dereference. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24198 VERIFY ADVISORY: http://secunia.com/advisories/24198/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A boundary error exists in Finder, which can be exploited by malicious people to cause a buffer overflow by tricking a user to mount a malicious disk image. 2) A null-pointer dereference error in iChat Bonjour can be exploited by malicious people to cause the application to crash. 3) A format string error in the handling of AIM URLs in iChat can be exploited by malicious people to possibly execute arbitrary code. Successful exploitation requires that a user is tricked into accessing a specially crafted AIM URL. For more information: SA23846 SOLUTION: Apply Security Update 2007-002: Security Update 2007-002 (10.4.8 Universal): http://www.apple.com/support/downloads/securityupdate2007002universal.html Security Update 2007-002 (10.4.8 PPC): http://www.apple.com/support/downloads/securityupdate2007002ppc.html Security Update 2007-002 (10.3.9 Panther): http://www.apple.com/support/downloads/securityupdate2007002panther.html PROVIDED AND/OR DISCOVERED BY: 1) Kevin Finisterre, DigitalMunition 3) LMH ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305102 OTHER REFERENCES: MOAB: 1) http://projects.info-pull.com/moab/MOAB-09-01-2007.html 3) http://projects.info-pull.com/moab/MOAB-20-01-2007.html SA23846: http://secunia.com/advisories/23846/ SA23945: http://secunia.com/advisories/23945/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 5.67

sources: NVD: CVE-2007-0299 // CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // JVNDB: JVNDB-2007-001390 // BID: 86767 // VULHUB: VHN-23661 // PACKETSTORM: 54480

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 4.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 2.4
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // BID: 86767 // JVNDB: JVNDB-2007-001390 // CNNVD: CNNVD-200701-288 // NVD: CVE-2007-0299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0299
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#315856
value:	1.49
Trust: 0.8
CARNEGIE MELLON:	VU#515792
value:	7.01
Trust: 0.8
CARNEGIE MELLON:	VU#240880
value:	10.29
Trust: 0.8
CARNEGIE MELLON:	VU#794752
value:	11.85
Trust: 0.8
CARNEGIE MELLON:	VU#836024
value:	2.48
Trust: 0.8
NVD:	CVE-2007-0299
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-288
value:	HIGH
Trust: 0.6
VULHUB:	VHN-23661
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0299
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23661
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // VULHUB: VHN-23661 // JVNDB: JVNDB-2007-001390 // CNNVD: CNNVD-200701-288 // NVD: CVE-2007-0299

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-288

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200701-288

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001390

PATCH

title:

APPLE-SA-2007-03-13

url:

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001390

EXTERNAL IDS

db:	SECUNIA	id:	24198	Trust: 3.3
db:	CERT/CC	id:	VU#515792	Trust: 2.8
db:	NVD	id:	CVE-2007-0299	Trust: 2.8
db:	SECUNIA	id:	24479	Trust: 2.5
db:	SECUNIA	id:	23725	Trust: 2.5
db:	USCERT	id:	TA07-072A	Trust: 2.0
db:	SECTRACK	id:	1017751	Trust: 2.0
db:	OSVDB	id:	31653	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0930	Trust: 1.7
db:	BID	id:	21980	Trust: 1.6
db:	SECTRACK	id:	1017661	Trust: 1.6
db:	SECUNIA	id:	23846	Trust: 0.8
db:	BID	id:	22188	Trust: 0.8
db:	CERT/CC	id:	VU#315856	Trust: 0.8
db:	SECTRACK	id:	1017662	Trust: 0.8
db:	CERT/CC	id:	VU#240880	Trust: 0.8
db:	BID	id:	22146	Trust: 0.8
db:	CERT/CC	id:	VU#794752	Trust: 0.8
db:	SECUNIA	id:	23945	Trust: 0.8
db:	BID	id:	22304	Trust: 0.8
db:	CERT/CC	id:	VU#836024	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-001390	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-288	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2007-03-13	Trust: 0.6
db:	CERT/CC	id:	TA07-072A	Trust: 0.6
db:	BID	id:	86767	Trust: 0.4
db:	VULHUB	id:	VHN-23661	Trust: 0.1
db:	PACKETSTORM	id:	54480	Trust: 0.1

sources: CERT/CC: VU#315856 // CERT/CC: VU#515792 // CERT/CC: VU#240880 // CERT/CC: VU#794752 // CERT/CC: VU#836024 // VULHUB: VHN-23661 // BID: 86767 // PACKETSTORM: 54480 // JVNDB: JVNDB-2007-001390 // CNNVD: CNNVD-200701-288 // NVD: CVE-2007-0299

REFERENCES

url:	http://docs.info.apple.com/article.html?artnum=305102	Trust: 3.3
url:	http://secunia.com/advisories/24198/	Trust: 3.3
url:	http://projects.info-pull.com/moab/moab-11-01-2007.html	Trust: 2.8
url:	http://docs.info.apple.com/article.html?artnum=305214	Trust: 2.8
url:	http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html	Trust: 2.0
url:	http://www.us-cert.gov/cas/techalerts/ta07-072a.html	Trust: 2.0
url:	http://www.kb.cert.org/vuls/id/515792	Trust: 2.0
url:	http://www.securitytracker.com/id?1017751	Trust: 2.0
url:	http://www.osvdb.org/31653	Trust: 1.7
url:	http://secunia.com/advisories/23725	Trust: 1.7
url:	http://secunia.com/advisories/24479	Trust: 1.7
url:	http://www.securityfocus.com/bid/21980	Trust: 1.6
url:	http://securitytracker.com/alerts/2007/feb/1017661.html	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2007/0930	Trust: 1.1
url:	http://secunia.com/advisories/23846/	Trust: 0.9
url:	http://projects.info-pull.com/moab/moab-09-01-2007.html	Trust: 0.9
url:	http://projects.info-pull.com/moab/moab-20-01-2007.html	Trust: 0.9
url:	http://secunia.com/advisories/23945/	Trust: 0.9
url:	http://developer.apple.com/documentation/corefoundation/reference/cfusernotificationref/reference/reference.html	Trust: 0.8
url:	http://projects.info-pull.com/moab/moab-22-01-2007.html	Trust: 0.8
url:	http://www.cocoadev.com/index.pl?inputmanager	Trust: 0.8
url:	http://www.securityfocus.com/bid/22188	Trust: 0.8
url:	http://secunia.com/advisories/23725/	Trust: 0.8
url:	http://secunia.com/advisories/24479/	Trust: 0.8
url:	http://securitytracker.com/alerts/2007/feb/1017662.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/22146	Trust: 0.8
url:	http://projects.info-pull.com/moab/moab-29-01-2007.html	Trust: 0.8
url:	http://www.apple.com/macosx/features/ichat/	Trust: 0.8
url:	http://developer.apple.com/networking/bonjour/index.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/22304	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0299	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0299	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0930	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2007002panther.html	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2007002ppc.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2007002universal.html	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

Unknown

Trust: 0.3

sources: BID: 86767

SOURCES

db:	CERT/CC	id:	VU#315856
db:	CERT/CC	id:	VU#515792
db:	CERT/CC	id:	VU#240880
db:	CERT/CC	id:	VU#794752
db:	CERT/CC	id:	VU#836024
db:	VULHUB	id:	VHN-23661
db:	BID	id:	86767
db:	PACKETSTORM	id:	54480
db:	JVNDB	id:	JVNDB-2007-001390
db:	CNNVD	id:	CNNVD-200701-288
db:	NVD	id:	CVE-2007-0299

LAST UPDATE DATE

2025-07-10T19:53:58.805000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#315856	date:	2007-02-19T00:00:00
db:	CERT/CC	id:	VU#515792	date:	2007-03-15T00:00:00
db:	CERT/CC	id:	VU#240880	date:	2007-02-23T00:00:00
db:	CERT/CC	id:	VU#794752	date:	2007-03-05T00:00:00
db:	CERT/CC	id:	VU#836024	date:	2007-03-16T00:00:00
db:	VULHUB	id:	VHN-23661	date:	2011-03-08T00:00:00
db:	BID	id:	86767	date:	2007-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2007-001390	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-288	date:	2007-06-26T00:00:00
db:	NVD	id:	CVE-2007-0299	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#315856	date:	2007-02-19T00:00:00
db:	CERT/CC	id:	VU#515792	date:	2007-03-15T00:00:00
db:	CERT/CC	id:	VU#240880	date:	2007-02-16T00:00:00
db:	CERT/CC	id:	VU#794752	date:	2007-02-16T00:00:00
db:	CERT/CC	id:	VU#836024	date:	2007-02-26T00:00:00
db:	VULHUB	id:	VHN-23661	date:	2007-01-17T00:00:00
db:	BID	id:	86767	date:	2007-01-17T00:00:00
db:	PACKETSTORM	id:	54480	date:	2007-02-17T04:12:18
db:	JVNDB	id:	JVNDB-2007-001390	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-288	date:	2007-01-17T00:00:00
db:	NVD	id:	CVE-2007-0299	date:	2007-01-17T11:28:00