Details of VAR-200701-0210

ID

VAR-200701-0210

CVE

CVE-2007-0430

TITLE

Apple Mac OS X of shared_region_map_file_np Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001430

DESCRIPTION

The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. Mac OS X is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. The vulnerability is caused due to an error in the "shared_region_map_file_np()" syscall and can cause the system to become unresponsive by providing a high "mapping_count" value. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Adriano Lima ORIGINAL ADVISORY: http://risesecurity.org/advisory.php?id=RISE-2007001.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2007-0430 // JVNDB: JVNDB-2007-001430 // BID: 81986 // VULHUB: VHN-23792 // VULMON: CVE-2007-0430 // PACKETSTORM: 53825

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.4.8	Trust: 1.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3

sources: BID: 81986 // JVNDB: JVNDB-2007-001430 // CNNVD: CNNVD-200701-357 // NVD: CVE-2007-0430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0430
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-0430
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200701-357
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-23792
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-0430
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-0430
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-23792
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-23792 // VULMON: CVE-2007-0430 // JVNDB: JVNDB-2007-001430 // CNNVD: CNNVD-200701-357 // NVD: CVE-2007-0430

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0430

THREAT TYPE

local

Trust: 1.0

sources: BID: 81986 // PACKETSTORM: 53825 // CNNVD: CNNVD-200701-357

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200701-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001430

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23792 // VULMON: CVE-2007-0430

PATCH

title:	Top Page	url:	http://www.apple.com/	Trust: 0.8
title:	vulnerabilities	url:	https://github.com/rcvalle/vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2007-0430 // JVNDB: JVNDB-2007-001430

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0430	Trust: 2.9
db:	SREASON	id:	2178	Trust: 2.1
db:	SECTRACK	id:	1017538	Trust: 2.1
db:	SECUNIA	id:	23823	Trust: 1.9
db:	OSVDB	id:	32942	Trust: 1.8
db:	VUPEN	id:	ADV-2007-0275	Trust: 1.8
db:	XF	id:	31645	Trust: 0.9
db:	JVNDB	id:	JVNDB-2007-001430	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-357	Trust: 0.7
db:	BUGTRAQ	id:	20070119 [RISE-2007001] APPLE MAC OS X 10.4.X KERNEL SHARED_REGION_MAP_FILE_NP() MEMORY CORRUPTION VULNERABILITY	Trust: 0.6
db:	BID	id:	81986	Trust: 0.5
db:	EXPLOIT-DB	id:	3167	Trust: 0.2
db:	VULHUB	id:	VHN-23792	Trust: 0.1
db:	VULMON	id:	CVE-2007-0430	Trust: 0.1
db:	PACKETSTORM	id:	53825	Trust: 0.1

sources: VULHUB: VHN-23792 // VULMON: CVE-2007-0430 // BID: 81986 // JVNDB: JVNDB-2007-001430 // PACKETSTORM: 53825 // CNNVD: CNNVD-200701-357 // NVD: CVE-2007-0430

REFERENCES

url:	http://risesecurity.org/advisory.php?id=rise-2007001.txt	Trust: 2.2
url:	http://securitytracker.com/id?1017538	Trust: 2.1
url:	http://securityreason.com/securityalert/2178	Trust: 2.1
url:	http://www.osvdb.org/32942	Trust: 1.8
url:	http://secunia.com/advisories/23823	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/457466/100/0/threaded	Trust: 1.2
url:	http://www.vupen.com/english/advisories/2007/0275	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31645	Trust: 1.2
url:	http://xforce.iss.net/xforce/xfdb/31645	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/457466/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0430	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0430	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0275	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/81986	Trust: 0.1
url:	https://www.exploit-db.com/exploits/3167/	Trust: 0.1
url:	https://github.com/rcvalle/vulnerabilities	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/23823/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-23792 // VULMON: CVE-2007-0430 // BID: 81986 // JVNDB: JVNDB-2007-001430 // PACKETSTORM: 53825 // CNNVD: CNNVD-200701-357 // NVD: CVE-2007-0430

CREDITS

Unknown

Trust: 0.3

sources: BID: 81986

SOURCES

db:	VULHUB	id:	VHN-23792
db:	VULMON	id:	CVE-2007-0430
db:	BID	id:	81986
db:	JVNDB	id:	JVNDB-2007-001430
db:	PACKETSTORM	id:	53825
db:	CNNVD	id:	CNNVD-200701-357
db:	NVD	id:	CVE-2007-0430

LAST UPDATE DATE

2025-04-10T23:05:46.187000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-23792	date:	2018-10-16T00:00:00
db:	VULMON	id:	CVE-2007-0430	date:	2018-10-16T00:00:00
db:	BID	id:	81986	date:	2007-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2007-001430	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-357	date:	2007-01-23T00:00:00
db:	NVD	id:	CVE-2007-0430	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-23792	date:	2007-01-23T00:00:00
db:	VULMON	id:	CVE-2007-0430	date:	2007-01-23T00:00:00
db:	BID	id:	81986	date:	2007-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2007-001430	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	53825	date:	2007-01-24T03:46:18
db:	CNNVD	id:	CNNVD-200701-357	date:	2007-01-22T00:00:00
db:	NVD	id:	CVE-2007-0430	date:	2007-01-23T02:28:00