ID

VAR-200712-0147


CVE

CVE-2007-6261


TITLE

Integer overflow vulnerability in the load_threadstack function in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2007-002956

DESCRIPTION

Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users. Apple Mac OS X 10.4 and 10.5.1 are vulnerable to this issue; other versions may also be affected. A local attacker can trigger this overflow to cause an infinite loop, and the system will become unresponsive.

The vulnerability is caused by an integer overflow error in the handling of Mach-O binaries and can be exploited to render the system unresponsive.

SOLUTION: Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY: mu-b

ORIGINAL ADVISORY: http://www.digit-labs.org/files/exploits/xnu-macho-dos.c

Trust: 2.07

sources: NVD: CVE-2007-6261 // JVNDB: JVNDB-2007-002956 // BID: 26700 // VULHUB: VHN-29623 // PACKETSTORM: 61490

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.5.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.4 to 10.5.1

Trust: 0.8

vendor: apple, model: mac os, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

sources: BID: 26700 // JVNDB: JVNDB-2007-002956 // CNNVD: CNNVD-200712-061 // NVD: CVE-2007-6261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6261
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-6261
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200712-061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-29623
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-6261
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29623
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29623 // JVNDB: JVNDB-2007-002956 // CNNVD: CNNVD-200712-061 // NVD: CVE-2007-6261

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-29623 // JVNDB: JVNDB-2007-002956 // NVD: CVE-2007-6261

THREAT TYPE

local

Trust: 1.0

sources: BID: 26700 // PACKETSTORM: 61490 // CNNVD: CNNVD-200712-061

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200712-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002956

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29623

PATCH

title: Top Page, url: http://www.apple.com/macosx/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002956

EXTERNAL IDS

db: NVD, id: CVE-2007-6261

Trust: 2.8

db: BID, id: 26700

Trust: 2.0

db: SECUNIA, id: 27884

Trust: 1.8

db: VUPEN, id: ADV-2007-4095

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002956

Trust: 0.8

db: NSFOCUS, id: 11238

Trust: 0.6

db: XF, id: 38854

Trust: 0.6

db: CNNVD, id: CNNVD-200712-061

Trust: 0.6

db: EXPLOIT-DB, id: 4689

Trust: 0.1

db: SEEBUG, id: SSVID-65021

Trust: 0.1

db: VULHUB, id: VHN-29623

Trust: 0.1

db: PACKETSTORM, id: 61490

Trust: 0.1

sources: VULHUB: VHN-29623 // BID: 26700 // JVNDB: JVNDB-2007-002956 // PACKETSTORM: 61490 // CNNVD: CNNVD-200712-061 // NVD: CVE-2007-6261

REFERENCES

url:http://www.digit-labs.org/files/exploits/xnu-macho-dos.c

Trust: 1.8

url:http://www.securityfocus.com/bid/26700

Trust: 1.7

url:http://secunia.com/advisories/27884

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/4095

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38854

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6261

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6261

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/4095

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/38854

Trust: 0.6

url:http://www.nsfocus.net/vulndb/11238

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/27884/

Trust: 0.1

sources: VULHUB: VHN-29623 // BID: 26700 // JVNDB: JVNDB-2007-002956 // PACKETSTORM: 61490 // CNNVD: CNNVD-200712-061 // NVD: CVE-2007-6261

CREDITS

mu-b mu-b@digit-labs.org

Trust: 0.6

sources: CNNVD: CNNVD-200712-061

SOURCES

db: VULHUB, id: VHN-29623
db: BID, id: 26700
db: JVNDB, id: JVNDB-2007-002956
db: PACKETSTORM, id: 61490
db: CNNVD, id: CNNVD-200712-061
db: NVD, id: CVE-2007-6261

LAST UPDATE DATE

2025-04-10T23:20:54.300000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-29623, date: 2017-08-08T00:00:00
db: BID, id: 26700, date: 2007-12-13T03:32:00
db: JVNDB, id: JVNDB-2007-002956, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200712-061, date: 2007-12-06T00:00:00
db: NVD, id: CVE-2007-6261, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-29623, date: 2007-12-06T00:00:00
db: BID, id: 26700, date: 2007-12-04T00:00:00
db: JVNDB, id: JVNDB-2007-002956, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 61490, date: 2007-12-06T03:48:33
db: CNNVD, id: CNNVD-200712-061, date: 2007-12-05T00:00:00
db: NVD, id: CVE-2007-6261, date: 2007-12-06T02:46:00