ID

VAR-200701-0021


CVE

CVE-2007-0236


TITLE

Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2007-001381

DESCRIPTION

Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. Apple Mac OS X AppleTalk is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer. An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system. Apple Mac OS X version 10.4.8 is reported vulnerable; other versions may be vulnerable as well. This request triggers a heap buffer overflow vulnerability.

----------------------------------------------------------------------

TITLE: Mac OS X Mach-O Universal Binary Memory Corruption
SECUNIA ADVISORY ID: SA23088
VERIFY ADVISORY: http://secunia.com/advisories/23088/
CRITICAL: Less critical
IMPACT: DoS, System access
WHERE: Local system
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused due to an error in the fatfile_getarch2() function. This can be exploited to cause an integer overflow and may potentially allow execution of arbitrary code with kernel privileges via a specially crafted Mach-O Universal binary. Other versions may also be affected.
SOLUTION: Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY: LMH
ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-26-11-2006.html

Trust: 2.07

sources: NVD: CVE-2007-0236 // JVNDB: JVNDB-2007-001381 // BID: 22041 // VULHUB: VHN-23598 // PACKETSTORM: 52529

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.4.8

Trust: 2.4

vendor: apple, model: mac os server, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.4.9

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.4.9

Trust: 0.3

sources: BID: 22041 // JVNDB: JVNDB-2007-001381 // CNNVD: CNNVD-200701-247 // NVD: CVE-2007-0236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0236
value: HIGH

Trust: 1.0

NVD: CVE-2007-0236
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-247
value: CRITICAL

Trust: 0.6

VULHUB: VHN-23598
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0236
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23598
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23598 // JVNDB: JVNDB-2007-001381 // CNNVD: CNNVD-200701-247 // NVD: CVE-2007-0236

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-23598 // JVNDB: JVNDB-2007-001381 // NVD: CVE-2007-0236

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-247

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200701-247

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001381

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23598

PATCH

title: APPLE-SA-2007-03-13, url: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001381

EXTERNAL IDS

db: NVD, id: CVE-2007-0236

Trust: 2.8

db: USCERT, id: TA07-072A

Trust: 2.5

db: BID, id: 22041

Trust: 2.0

db: SECUNIA, id: 23708

Trust: 1.7

db: SECUNIA, id: 24479

Trust: 1.7

db: VUPEN, id: ADV-2007-0191

Trust: 1.7

db: VUPEN, id: ADV-2007-0930

Trust: 1.7

db: SECTRACK, id: 1017513

Trust: 1.7

db: SECTRACK, id: 1017751

Trust: 1.7

db: OSVDB, id: 32687

Trust: 1.7

db: EXPLOIT-DB, id: 3130

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001381

Trust: 0.8

db: CNNVD, id: CNNVD-200701-247

Trust: 0.7

db: APPLE, id: APPLE-SA-2007-03-13

Trust: 0.6

db: MISC, id: HTTP://PROJECTS.INFO-PULL.COM/MOAB/MOAB-14-01-2007.HTML

Trust: 0.6

db: CERT/CC, id: TA07-072A

Trust: 0.6

db: MILW0RM, id: 3130

Trust: 0.6

db: PACKETSTORM, id: 53783

Trust: 0.1

db: VULHUB, id: VHN-23598

Trust: 0.1

db: SECUNIA, id: 23088

Trust: 0.1

db: PACKETSTORM, id: 52529

Trust: 0.1

sources: VULHUB: VHN-23598 // BID: 22041 // JVNDB: JVNDB-2007-001381 // PACKETSTORM: 52529 // CNNVD: CNNVD-200701-247 // NVD: CVE-2007-0236

REFERENCES

url:http://www.us-cert.gov/cas/techalerts/ta07-072a.html

Trust: 2.5

url:http://projects.info-pull.com/moab/moab-14-01-2007.html

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/bid/22041

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=305214

Trust: 1.7

url:http://www.osvdb.org/32687

Trust: 1.7

url:http://securitytracker.com/id?1017513

Trust: 1.7

url:http://www.securitytracker.com/id?1017751

Trust: 1.7

url:http://secunia.com/advisories/23708

Trust: 1.7

url:http://secunia.com/advisories/24479

Trust: 1.7

url:https://www.exploit-db.com/exploits/3130

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0191

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0930

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0236

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0236

Trust: 0.8

url:http://www.milw0rm.com/exploits/3130

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0930

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0191

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://projects.info-pull.com/mokb/mokb-26-11-2006.html

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://secunia.com/advisories/23088/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-23598 // BID: 22041 // JVNDB: JVNDB-2007-001381 // PACKETSTORM: 52529 // CNNVD: CNNVD-200701-247 // NVD: CVE-2007-0236

CREDITS

Discovered by LMH <lmh@info-pull.com>.

Trust: 0.9

sources: BID: 22041 // CNNVD: CNNVD-200701-247

SOURCES

db: VULHUB, id: VHN-23598
db: BID, id: 22041
db: JVNDB, id: JVNDB-2007-001381
db: PACKETSTORM, id: 52529
db: CNNVD, id: CNNVD-200701-247
db: NVD, id: CVE-2007-0236

LAST UPDATE DATE

2024-09-19T21:58:41.494000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-23598, date: 2017-10-11T00:00:00
db: BID, id: 22041, date: 2007-03-14T04:44:00
db: JVNDB, id: JVNDB-2007-001381, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-247, date: 2007-04-02T00:00:00
db: NVD, id: CVE-2007-0236, date: 2017-10-11T01:31:35.830

SOURCES RELEASE DATE

db: VULHUB, id: VHN-23598, date: 2007-01-16T00:00:00
db: BID, id: 22041, date: 2007-01-14T00:00:00
db: JVNDB, id: JVNDB-2007-001381, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 52529, date: 2006-11-28T00:52:20
db: CNNVD, id: CNNVD-200701-247, date: 2007-01-16T00:00:00
db: NVD, id: CVE-2007-0236, date: 2007-01-16T18:28:00