Details of VAR-200701-0517

ID

VAR-200701-0517

CVE

CVE-2007-0022

TITLE

Kerberos administration daemon may free uninitialized pointers

Trust: 0.8

sources: CERT/CC: VU#831452

DESCRIPTION

Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. According to Apple information, it may be possible to execute arbitrary code with system privileges. A successful attack can allow local attackers to gain superuser privileges. Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Gentoo update for mit-krb5 SECUNIA ADVISORY ID: SA23903 VERIFY ADVISORY: http://secunia.com/advisories/23903/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for krb5. This fixes some vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA23690 SA23696 SOLUTION: Update to "app-crypt/mit-krb5-1.5.2" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml OTHER REFERENCES: SA23690: http://secunia.com/advisories/23690/ SA235696: http://secunia.com/advisories/23696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-0022 // CERT/CC: VU#831452 // JVNDB: JVNDB-2007-000316 // BID: 22148 // VULHUB: VHN-23384 // PACKETSTORM: 53950

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	fedora	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mit kerberos team	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openpkg	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	rpath	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.9	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.3.9	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.9	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3

sources: CERT/CC: VU#831452 // BID: 22148 // JVNDB: JVNDB-2007-000316 // CNNVD: CNNVD-200701-367 // NVD: CVE-2007-0022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0022
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#831452
value:	20.93
Trust: 0.8
NVD:	CVE-2007-0022
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-367
value:	HIGH
Trust: 0.6
VULHUB:	VHN-23384
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0022
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23384
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#831452 // VULHUB: VHN-23384 // JVNDB: JVNDB-2007-000316 // CNNVD: CNNVD-200701-367 // NVD: CVE-2007-0022

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0022

THREAT TYPE

local

Trust: 0.9

sources: BID: 22148 // CNNVD: CNNVD-200701-367

TYPE

Design Error

Trust: 0.9

sources: BID: 22148 // CNNVD: CNNVD-200701-367

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000316

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23384

PATCH

title:	Security Update 2007-004 v1.1 (Universal)	url:	http://www.apple.com/support/downloads/securityupdate2007004v11universal.html	Trust: 0.8
title:	Security Update 2007-004 v1.1 (PPC)	url:	http://www.apple.com/support/downloads/securityupdate2007004v11ppc.html	Trust: 0.8
title:	Security Update 2007-004 v1.1 (10.3.9 Client)	url:	http://www.apple.com/support/downloads/securityupdate2007004v111039client.html	Trust: 0.8
title:	Security Update 2007-004 (10.3.9 Server)	url:	http://www.apple.com/support/downloads/securityupdate20070041039server.html	Trust: 0.8
title:	Security Update 2007-004	url:	http://docs.info.apple.com/article.html?artnum=305391-en	Trust: 0.8
title:	Security Update 2007-004	url:	http://docs.info.apple.com/article.html?artnum=305391-ja	Trust: 0.8
title:	Security Update 2007-004 v1.1 (Universal)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate2007004v11universal.html	Trust: 0.8
title:	Security Update 2007-004 v1.1 (PPC)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate2007004v11ppc.html	Trust: 0.8
title:	Security Update 2007-004 v1.1 (10.3.9 Client)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate2007004v111039client.html	Trust: 0.8
title:	Security Update 2007-004 (10.3.9 Server)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate20070041039server.html	Trust: 0.8

sources: JVNDB: JVNDB-2007-000316

EXTERNAL IDS

db:	BID	id:	22148	Trust: 2.8
db:	NVD	id:	CVE-2007-0022	Trust: 2.8
db:	OSVDB	id:	31605	Trust: 2.5
db:	SECTRACK	id:	1017941	Trust: 2.5
db:	USCERT	id:	TA07-109A	Trust: 2.5
db:	SECUNIA	id:	24966	Trust: 2.5
db:	SECUNIA	id:	23793	Trust: 2.5
db:	VUPEN	id:	ADV-2007-1470	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0074	Trust: 1.7
db:	XF	id:	31677	Trust: 1.4
db:	SECUNIA	id:	23903	Trust: 0.9
db:	BID	id:	21975	Trust: 0.8
db:	SECUNIA	id:	23701	Trust: 0.8
db:	SECUNIA	id:	23706	Trust: 0.8
db:	SECUNIA	id:	23667	Trust: 0.8
db:	SECUNIA	id:	23690	Trust: 0.8
db:	SECTRACK	id:	1017494	Trust: 0.8
db:	CERT/CC	id:	VU#831452	Trust: 0.8
db:	USCERT	id:	SA07-109A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-000316	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-367	Trust: 0.7
db:	CERT/CC	id:	TA07-109A	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2007-04-19	Trust: 0.6
db:	PACKETSTORM	id:	53873	Trust: 0.1
db:	VULHUB	id:	VHN-23384	Trust: 0.1
db:	PACKETSTORM	id:	53950	Trust: 0.1

sources: CERT/CC: VU#831452 // VULHUB: VHN-23384 // BID: 22148 // JVNDB: JVNDB-2007-000316 // PACKETSTORM: 53950 // CNNVD: CNNVD-200701-367 // NVD: CVE-2007-0022

REFERENCES

url:	http://www.securityfocus.com/bid/22148	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta07-109a.html	Trust: 2.5
url:	http://www.osvdb.org/31605	Trust: 2.5
url:	http://www.securitytracker.com/id?1017941	Trust: 2.5
url:	http://secunia.com/advisories/23793	Trust: 2.5
url:	http://secunia.com/advisories/24966	Trust: 2.5
url:	http://docs.info.apple.com/article.html?artnum=305391	Trust: 2.0
url:	http://projects.info-pull.com/moab/moab-21-01-2007.html	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2007/apr/msg00001.html	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2007/1470	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/31677	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2007/0074	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/1470	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31677	Trust: 1.1
url:	http://secunia.com/advisories/23903/	Trust: 0.9
url:	http://secunia.com/advisories/23690/	Trust: 0.9
url:	http://web.mit.edu/kerberos/www/advisories/mitkrb5-sa-2006-003-mechglue.txt	Trust: 0.8
url:	http://web.mit.edu/kerberos/advisories/2006-003-patch.txt	Trust: 0.8
url:	http://web.mit.edu/kerberos/advisories/2006-003-patch.txt.asc	Trust: 0.8
url:	http://securitytracker.com/alerts/2007/jan/1017494.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/21975	Trust: 0.8
url:	http://secunia.com/advisories/23706/	Trust: 0.8
url:	http://secunia.com/advisories/23701/	Trust: 0.8
url:	http://secunia.com/advisories/23667/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0022	Trust: 0.8
url:	http://jvn.jp/cert/jvnta07-109a/index.html	Trust: 0.8
url:	http://jvn.jp/tr/trta07-109a/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0022	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa07-109a.html	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0074	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml	Trust: 0.1
url:	http://secunia.com/advisories/23696/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/339/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#831452 // VULHUB: VHN-23384 // BID: 22148 // JVNDB: JVNDB-2007-000316 // PACKETSTORM: 53950 // CNNVD: CNNVD-200701-367 // NVD: CVE-2007-0022

CREDITS

Kevin Finisterre dotslash@snosoft.com LMH lmh@info-pull.com

Trust: 0.6

sources: CNNVD: CNNVD-200701-367

SOURCES

db:	CERT/CC	id:	VU#831452
db:	VULHUB	id:	VHN-23384
db:	BID	id:	22148
db:	JVNDB	id:	JVNDB-2007-000316
db:	PACKETSTORM	id:	53950
db:	CNNVD	id:	CNNVD-200701-367
db:	NVD	id:	CVE-2007-0022

LAST UPDATE DATE

2025-05-09T02:17:28.917000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#831452	date:	2007-05-10T00:00:00
db:	VULHUB	id:	VHN-23384	date:	2017-07-29T00:00:00
db:	BID	id:	22148	date:	2007-04-20T16:41:00
db:	JVNDB	id:	JVNDB-2007-000316	date:	2007-05-18T00:00:00
db:	CNNVD	id:	CNNVD-200701-367	date:	2007-07-05T00:00:00
db:	NVD	id:	CVE-2007-0022	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#831452	date:	2007-01-09T00:00:00
db:	VULHUB	id:	VHN-23384	date:	2007-01-23T00:00:00
db:	BID	id:	22148	date:	2007-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2007-000316	date:	2007-05-18T00:00:00
db:	PACKETSTORM	id:	53950	date:	2007-01-27T01:46:45
db:	CNNVD	id:	CNNVD-200701-367	date:	2007-01-22T00:00:00
db:	NVD	id:	CVE-2007-0022	date:	2007-01-23T00:28:00