ID

VAR-200701-0061


CVE

CVE-2007-0197


TITLE

Apple Mac OS X Finder DMG Volume Memory Corruption Vulnerability

Trust: 0.9

sources: BID: 21980 // CNNVD: CNNVD-200701-133

DESCRIPTION

Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. Apple Mac OS X Finder is prone to a memory-corruption vulnerability. This issue occurs when the application fails to handle overly long DMG volume names. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Failed exploit attempts result in memory corruption and a crash of the application, denying service to legitimate users. Finder 10.4.6 on Mac OS X 10.4.8 X86 is vulnerable to this issue; other versions may also be affected. Remote attackers may use this vulnerability to control the user's machine. If an attacker can trick a user into loading a DMG image with a volume label name larger than 255 bytes, this vulnerability could be triggered, resulting in a denial of service or arbitrary command execution. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. The vulnerability exists due to an error in the "fpathconf()" syscall when it is called with an unsupported file type and can be exploited to cause a system panic. The vulnerability is confirmed in version 10.4.8. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Initially discovered in FreeBSD and reported in Mac OS X by Ilja Van Sprundel. ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-09-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.23

sources: NVD: CVE-2007-0197 // CERT/CC: VU#240880 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // JVNDB: JVNDB-2007-000013 // BID: 21980 // VULHUB: VHN-23559 // PACKETSTORM: 51846

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.6

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.4.x

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.x

Trust: 0.8

vendor:applemodel:finderscope:eqversion:10.4.6

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

sources: CERT/CC: VU#240880 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // BID: 21980 // JVNDB: JVNDB-2007-000013 // CNNVD: CNNVD-200701-133 // NVD: CVE-2007-0197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0197
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#240880
value: 10.29

Trust: 0.8

CARNEGIE MELLON: VU#346656
value: 17.10

Trust: 0.8

CARNEGIE MELLON: VU#765096
value: 5.18

Trust: 0.8

NVD: CVE-2007-0197
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200701-133
value: MEDIUM

Trust: 0.6

VULHUB: VHN-23559
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-0197
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23559
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#240880 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23559 // JVNDB: JVNDB-2007-000013 // CNNVD: CNNVD-200701-133 // NVD: CVE-2007-0197

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-23559 // JVNDB: JVNDB-2007-000013 // NVD: CVE-2007-0197

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-133

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200701-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000013

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23559

PATCH

title:Security Update 2007-002 (PPC)url:http://www.apple.com/support/downloads/securityupdate2007002ppc.html

Trust: 0.8

title:Security Update 2007-002 (Universal)url:http://www.apple.com/support/downloads/securityupdate2007002universal.html

Trust: 0.8

title:Security Update 2007-002url:http://docs.info.apple.com/article.html?artnum=305102-en

Trust: 0.8

title:Security Update 2007-002url:http://docs.info.apple.com/article.html?artnum=305102-ja

Trust: 0.8

title:Security Update 2007-002 (PPC)url:http://www.apple.com/jp/ftp-info/reference/securityupdate2007002ppc.html

Trust: 0.8

title:Security Update 2007-002 (Universal)url:http://www.apple.com/jp/ftp-info/reference/securityupdate2007002universal.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000013

EXTERNAL IDS

db:BIDid:21980

Trust: 3.6

db:CERT/CCid:VU#240880

Trust: 3.6

db:SECTRACKid:1017662

Trust: 3.3

db:SECUNIAid:24198

Trust: 3.3

db:NVDid:CVE-2007-0197

Trust: 2.8

db:USCERTid:TA07-047A

Trust: 2.5

db:VUPENid:ADV-2007-0140

Trust: 1.7

db:OSVDBid:32714

Trust: 1.7

db:SECUNIAid:24479

Trust: 1.6

db:SECTRACKid:1017751

Trust: 1.6

db:XFid:31410

Trust: 1.4

db:SECUNIAid:22808

Trust: 0.9

db:SECUNIAid:23088

Trust: 0.8

db:BIDid:21291

Trust: 0.8

db:CERT/CCid:VU#346656

Trust: 0.8

db:BIDid:20982

Trust: 0.8

db:CERT/CCid:VU#765096

Trust: 0.8

db:USCERTid:SA07-047A

Trust: 0.8

db:JVNDBid:JVNDB-2007-000013

Trust: 0.8

db:CNNVDid:CNNVD-200701-133

Trust: 0.7

db:CERT/CCid:TA07-047A

Trust: 0.6

db:APPLEid:APPLE-SA-2007-02-15

Trust: 0.6

db:BUGTRAQid:20070111 DMA[2007-0107A] OMNIWEB JAVASCRIPT ALERT FORMAT STRING VULNERABIITY AND DMA[2007-0109A] APPLE FINDER DISK IMAGE VOLUME LABEL OVERFLOW / DOS

Trust: 0.6

db:EXPLOIT-DBid:3110

Trust: 0.1

db:VULHUBid:VHN-23559

Trust: 0.1

db:PACKETSTORMid:51846

Trust: 0.1

sources: CERT/CC: VU#240880 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23559 // BID: 21980 // JVNDB: JVNDB-2007-000013 // PACKETSTORM: 51846 // CNNVD: CNNVD-200701-133 // NVD: CVE-2007-0197

REFERENCES

url:http://www.securityfocus.com/bid/21980

Trust: 3.3

url:http://projects.info-pull.com/moab/moab-09-01-2007.html

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/240880

Trust: 2.8

url:http://docs.info.apple.com/article.html?artnum=305102

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta07-047a.html

Trust: 2.5

url:http://www.securitytracker.com/id?1017662

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2007/feb/msg00000.html

Trust: 1.7

url:http://www.digitalmunition.com/dma%5b2007-0109a%5d.txt

Trust: 1.7

url:http://www.osvdb.org/32714

Trust: 1.7

url:http://secunia.com/advisories/24198

Trust: 1.7

url:http://secunia.com/advisories/24198/

Trust: 1.6

url:http://docs.info.apple.com/article.html?artnum=305214

Trust: 1.6

url:http://secunia.com/advisories/24479/

Trust: 1.6

url:http://securitytracker.com/alerts/2007/mar/1017751.html

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/0140

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/31410

Trust: 1.4

url:http://www.securityfocus.com/archive/1/456578/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0140

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31410

Trust: 1.1

url:http://projects.info-pull.com/mokb/mokb-09-11-2006.html

Trust: 0.9

url:http://secunia.com/advisories/22808/

Trust: 0.9

url:http://securitytracker.com/alerts/2007/feb/1017662.html

Trust: 0.8

url:http://projects.info-pull.com/mokb/mokb-26-11-2006.html

Trust: 0.8

url:http://projects.info-pull.com/mokb/bug-files/mokb-26-11-2006.bz2

Trust: 0.8

url:http://secunia.com/advisories/23088/

Trust: 0.8

url:http://www.securityfocus.com/bid/21291

Trust: 0.8

url:http://www.securityfocus.com/bid/20982

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0197

Trust: 0.8

url:http://jvn.jp/cert/jvnta07-047a/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta07-047a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0197

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa07-047a.html

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/456578/100/0/threaded

Trust: 0.6

url:http://www.digitalmunition.com/dma[2007-0109a].txt

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:/archive/1/456578

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#240880 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23559 // BID: 21980 // JVNDB: JVNDB-2007-000013 // PACKETSTORM: 51846 // CNNVD: CNNVD-200701-133 // NVD: CVE-2007-0197

CREDITS

LMH lmh@info-pull.com

Trust: 0.6

sources: CNNVD: CNNVD-200701-133

SOURCES

db:CERT/CCid:VU#240880
db:CERT/CCid:VU#346656
db:CERT/CCid:VU#765096
db:VULHUBid:VHN-23559
db:BIDid:21980
db:JVNDBid:JVNDB-2007-000013
db:PACKETSTORMid:51846
db:CNNVDid:CNNVD-200701-133
db:NVDid:CVE-2007-0197

LAST UPDATE DATE

2024-11-20T19:37:43.347000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#240880date:2007-02-23T00:00:00
db:CERT/CCid:VU#346656date:2007-03-30T00:00:00
db:CERT/CCid:VU#765096date:2007-07-21T00:00:00
db:VULHUBid:VHN-23559date:2018-10-16T00:00:00
db:BIDid:21980date:2007-02-20T20:26:00
db:JVNDBid:JVNDB-2007-000013date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200701-133date:2007-01-15T00:00:00
db:NVDid:CVE-2007-0197date:2018-10-16T16:31:40.417

SOURCES RELEASE DATE

db:CERT/CCid:VU#240880date:2007-02-16T00:00:00
db:CERT/CCid:VU#346656date:2007-03-14T00:00:00
db:CERT/CCid:VU#765096date:2007-03-14T00:00:00
db:VULHUBid:VHN-23559date:2007-01-11T00:00:00
db:BIDid:21980date:2007-01-09T00:00:00
db:JVNDBid:JVNDB-2007-000013date:2007-04-01T00:00:00
db:PACKETSTORMid:51846date:2006-11-10T16:02:24
db:CNNVDid:CNNVD-200701-133date:2007-01-11T00:00:00
db:NVDid:CVE-2007-0197date:2007-01-11T11:28:00