Details of VAR-200701-0577

ID

VAR-200701-0577

CVE

CVE-2007-0117

TITLE

DiskManagement.framework of DiskManagementTool Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2007-001341

DESCRIPTION

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. Apple DiskManagement framework is prone to local privilege-escalation vulnerability. This issue occurs when handling specially crafted Bill Of Material (BOM) files. A successful exploit would allow a local attacker to execute arbitrary code with superuser privileges. A successful exploit would lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. This issue affects DiskManagement 92.29 and Mac OS X 10.4.8; prior versions may also be affected. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Mac OS X BOM Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA23653 VERIFY ADVISORY: http://secunia.com/advisories/23653/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: A vulnerability has been reported in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is reported in version 10.4.8 . Other versions may also be affected. SOLUTION: Remove the setuid bit from /System/Library/PrivateFrameworks/DiskManagement.framework/Resources/DiskManagementTool. PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day and reported by LMH and Kevin Finisterre (MOAB). ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-05-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-0117 // JVNDB: JVNDB-2007-001341 // BID: 21899 // VULHUB: VHN-23479 // PACKETSTORM: 53489

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 2.4
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3

sources: BID: 21899 // JVNDB: JVNDB-2007-001341 // CNNVD: CNNVD-200701-055 // NVD: CVE-2007-0117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0117
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-0117
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-055
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-23479
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0117
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23479
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-23479 // JVNDB: JVNDB-2007-001341 // CNNVD: CNNVD-200701-055 // NVD: CVE-2007-0117

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-055

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 21899 // CNNVD: CNNVD-200701-055

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001341

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23479

PATCH

title:

Top Page

url:

http://www.apple.com/macosx/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001341

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0117	Trust: 2.5
db:	BID	id:	21899	Trust: 2.0
db:	SECUNIA	id:	23653	Trust: 1.8
db:	VUPEN	id:	ADV-2007-0074	Trust: 1.7
db:	OSVDB	id:	31167	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001341	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-055	Trust: 0.7
db:	EXPLOIT-DB	id:	3088	Trust: 0.1
db:	EXPLOIT-DB	id:	3087	Trust: 0.1
db:	VULHUB	id:	VHN-23479	Trust: 0.1
db:	PACKETSTORM	id:	53489	Trust: 0.1

sources: VULHUB: VHN-23479 // BID: 21899 // JVNDB: JVNDB-2007-001341 // PACKETSTORM: 53489 // CNNVD: CNNVD-200701-055 // NVD: CVE-2007-0117

REFERENCES

url:	http://projects.info-pull.com/moab/moab-05-01-2007.html	Trust: 2.1
url:	http://www.securityfocus.com/bid/21899	Trust: 1.7
url:	http://osvdb.org/31167	Trust: 1.7
url:	http://secunia.com/advisories/23653	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/0074	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0117	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0117	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0074	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/23653/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-23479 // BID: 21899 // JVNDB: JVNDB-2007-001341 // PACKETSTORM: 53489 // CNNVD: CNNVD-200701-055 // NVD: CVE-2007-0117

CREDITS

LMH

Trust: 0.6

sources: CNNVD: CNNVD-200701-055

SOURCES

db:	VULHUB	id:	VHN-23479
db:	BID	id:	21899
db:	JVNDB	id:	JVNDB-2007-001341
db:	PACKETSTORM	id:	53489
db:	CNNVD	id:	CNNVD-200701-055
db:	NVD	id:	CVE-2007-0117

LAST UPDATE DATE

2025-04-10T19:34:01.828000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-23479	date:	2011-03-08T00:00:00
db:	BID	id:	21899	date:	2007-01-08T17:06:00
db:	JVNDB	id:	JVNDB-2007-001341	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-055	date:	2007-01-11T00:00:00
db:	NVD	id:	CVE-2007-0117	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-23479	date:	2007-01-09T00:00:00
db:	BID	id:	21899	date:	2007-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2007-001341	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	53489	date:	2007-01-10T18:19:08
db:	CNNVD	id:	CNNVD-200701-055	date:	2007-01-08T00:00:00
db:	NVD	id:	CVE-2007-0117	date:	2007-01-09T02:28:00