Sign-up

ID

VAR-200711-0319


CVE

CVE-2007-4702


TITLE

Apple Mac OS X In bypassing application firewall restrictions in Windows

Trust: 0.8

sources: JVNDB: JVNDB-2007-000983

DESCRIPTION

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. Apple Mac OS X 10.5's Application Firewall is prone to a misleading configuration weakness because of a flaw in the application's configuration dialog and documentation. This issue may lead to a false sense of security, potentially aiding in network-based attacks. Apple Mac OS X 10.5 is vulnerable to this issue. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. NOTE: The update changes the name of the option and updates the documentation. 3) Changes to Application Firewall settings do not affect processes started by launchd until they are restarted. This may lead to exposure of certain services. Mac OS X 10.5.1 Update: http://www.apple.com/support/downloads/macosx1051update.html Mac OS X Server 10.5.1 Update http://www.apple.com/support/downloads/macosxserver1051update.html PROVIDED AND/OR DISCOVERED BY: J\xfcrgen Schmidt ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307004 heise Security: http://www.heise-security.co.uk/articles/98120 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4702 // JVNDB: JVNDB-2007-000983 // BID: 26461 // VULHUB: VHN-28064 // PACKETSTORM: 61016

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.1

Trust: 0.3

sources: BID: 26461 // JVNDB: JVNDB-2007-000983 // CNNVD: CNNVD-200711-240 // NVD: CVE-2007-4702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4702
value: HIGH

Trust: 1.0

NVD: CVE-2007-4702
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200711-240
value: CRITICAL

Trust: 0.6

VULHUB: VHN-28064
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-4702
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2007-4702
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-28064
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28064 // JVNDB: JVNDB-2007-000983 // CNNVD: CNNVD-200711-240 // NVD: CVE-2007-4702

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-240

TYPE

Design Error

Trust: 0.9

sources: BID: 26461 // CNNVD: CNNVD-200711-240

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-000983

PATCH
title:Mac OS X v10.5.1 Updateurl:http://docs.info.apple.com/article.html?artnum=307004-en
Trust: 0.8
title:Mac OS X v10.5.1 Updateurl:http://docs.info.apple.com/article.html?artnum=307004-jp
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-000983

EXTERNAL IDS
db:BIDid:26461
Trust: 2.8
db:NVDid:CVE-2007-4702
Trust: 2.8
db:SECUNIAid:27695
Trust: 2.6
db:SECTRACKid:1018958
Trust: 2.5
db:VUPENid:ADV-2007-3897
Trust: 1.7
db:XFid:38506
Trust: 1.4
db:JVNDBid:JVNDB-2007-000983
Trust: 0.8
db:APPLEid:APPLE-SA-2007-11-15
Trust: 0.6
db:CNNVDid:CNNVD-200711-240
Trust: 0.6
db:VULHUBid:VHN-28064
Trust: 0.1
db:PACKETSTORMid:61016
Trust: 0.1
sources:
            
            
            VULHUB: VHN-28064 // 
            
            
            
            BID: 26461 // 
            
            
            
            JVNDB: JVNDB-2007-000983 // 
            
            
            
            PACKETSTORM: 61016 // 
            
            
            
            CNNVD: CNNVD-200711-240 // 
            
            
            
            NVD: CVE-2007-4702

REFERENCES
url:http://www.securityfocus.com/bid/26461
Trust: 2.5
url:http://securitytracker.com/id?1018958
Trust: 2.5
url:http://docs.info.apple.com/article.html?artnum=307004
Trust: 2.1
url:http://lists.apple.com/archives/security-announce/2007/nov/msg00004.html
Trust: 1.7
url:http://secunia.com/advisories/27695
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2007/3897
Trust: 1.4
url:http://xforce.iss.net/xforce/xfdb/38506
Trust: 1.4
url:http://www.vupen.com/english/advisories/2007/3897
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38506
Trust: 1.1
url:http://secunia.com/advisories/27695/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4702
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4702
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
Trust: 0.1
url:http://www.apple.com/support/downloads/macosxserver1051update.html
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://www.apple.com/support/downloads/macosx1051update.html
Trust: 0.1
url:http://secunia.com/product/96/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://www.heise-security.co.uk/articles/98120
Trust: 0.1
sources:
            
            
            VULHUB: VHN-28064 // 
            
            
            
            BID: 26461 // 
            
            
            
            JVNDB: JVNDB-2007-000983 // 
            
            
            
            PACKETSTORM: 61016 // 
            
            
            
            CNNVD: CNNVD-200711-240 // 
            
            
            
            NVD: CVE-2007-4702

CREDITS
Apple
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200711-240

SOURCES
db:VULHUBid:VHN-28064
db:BIDid:26461
db:JVNDBid:JVNDB-2007-000983
db:PACKETSTORMid:61016
db:CNNVDid:CNNVD-200711-240
db:NVDid:CVE-2007-4702

LAST UPDATE DATE
2025-04-10T23:03:34.033000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-28064date:2017-07-29T00:00:00
db:BIDid:26461date:2007-11-15T23:14:00
db:JVNDBid:JVNDB-2007-000983date:2007-12-07T00:00:00
db:CNNVDid:CNNVD-200711-240date:2007-11-15T00:00:00
db:NVDid:CVE-2007-4702date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-28064date:2007-11-15T00:00:00
db:BIDid:26461date:2007-11-15T00:00:00
db:JVNDBid:JVNDB-2007-000983date:2007-12-07T00:00:00
db:PACKETSTORMid:61016date:2007-11-20T16:17:55
db:CNNVDid:CNNVD-200711-240date:2007-11-15T00:00:00
db:NVDid:CVE-2007-4702date:2007-11-15T20:46:00