Details of VAR-200701-0340

ID

VAR-200701-0340

CVE

CVE-2007-0613

TITLE

Apple Mac OS X fails to properly handle corrupted Universal Mach-O Binaries

Trust: 0.8

sources: CERT/CC: VU#346656

DESCRIPTION

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. A vulnerability in the way Apple Mac OS X handles corrupted Universal Mach-O Binaries may result in execution of arbitrary code or denial of service. Apple iChat is prone to multiple remote denial-of-service vulnerabilities. These issues affect the Bonjour functionality. Apple iChat 3.1.6 is reported affected; other versions may be vulnerable as well. Apple iChat is a video chat tool bundled with Apple's family of operating systems. Several denial-of-service vulnerabilities exist in iChat's Bonjour feature, which allows automatic discovery of computers. There are no restrictions on finding available contacts via mDNS queries, iChat will add the broadcasted _presence._tcp record even if the contact does not exist, so a malicious user can broadcast a fake record so that iChat users using Bonjour cannot discover more peers, unable to communicate reliably. In addition, the iChat agent may have an exception when processing a specially crafted TXT key hash, resulting in a crash when sending a SIGTRAP signal to the process. Trying to start iChat Bonjour again will fail because mDNSResponder keeps a specially crafted record. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Mac OS X Mach-O Universal Binary Memory Corruption SECUNIA ADVISORY ID: SA23088 VERIFY ADVISORY: http://secunia.com/advisories/23088/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: Local system OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused due to an error in the fatfile_getarch2() function. This can be exploited to cause an integer overflow and may potentially allow execution of arbitrary code with kernel privileges via a specially crafted Mach-O Universal binary. The vulnerability is reported in a fully patched Mac OS X (2006-11-26). SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-26-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2007-0613 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // JVNDB: JVNDB-2007-001482 // BID: 22304 // VULHUB: VHN-23975 // PACKETSTORM: 52529

AFFECTED PRODUCTS

vendor:	apple	model:	ichat	scope:	eq	version:	3.1.6	Trust: 2.7
vendor:	apple	model:	instant message framework	scope:	eq	version:	428	Trust: 2.4
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	apple	model:	mdnsresponder	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	mdnsresponder	scope:	eq	version:	*	Trust: 1.0

sources: CERT/CC: VU#346656 // CERT/CC: VU#765096 // BID: 22304 // JVNDB: JVNDB-2007-001482 // CNNVD: CNNVD-200701-592 // NVD: CVE-2007-0613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0613
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#346656
value:	17.10
Trust: 0.8
CARNEGIE MELLON:	VU#765096
value:	5.18
Trust: 0.8
NVD:	CVE-2007-0613
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200701-592
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-23975
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-0613
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23975
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23975 // JVNDB: JVNDB-2007-001482 // CNNVD: CNNVD-200701-592 // NVD: CVE-2007-0613

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-592

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200701-592

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001482

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23975

PATCH

title:

Security Update 2007-002

url:

http://support.apple.com/kb/TA24579?viewlocale=en_US

Trust: 0.8

sources: JVNDB: JVNDB-2007-001482

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0613	Trust: 2.8
db:	BID	id:	22304	Trust: 2.0
db:	OSVDB	id:	32698	Trust: 1.7
db:	OSVDB	id:	32699	Trust: 1.7
db:	SECUNIA	id:	24479	Trust: 1.6
db:	SECTRACK	id:	1017751	Trust: 1.6
db:	SECUNIA	id:	23088	Trust: 0.9
db:	BID	id:	21291	Trust: 0.8
db:	CERT/CC	id:	VU#346656	Trust: 0.8
db:	SECUNIA	id:	22808	Trust: 0.8
db:	BID	id:	20982	Trust: 0.8
db:	CERT/CC	id:	VU#765096	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-001482	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-592	Trust: 0.7
db:	EXPLOIT-DB	id:	3230	Trust: 0.1
db:	VULHUB	id:	VHN-23975	Trust: 0.1
db:	PACKETSTORM	id:	52529	Trust: 0.1

sources: CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23975 // BID: 22304 // JVNDB: JVNDB-2007-001482 // PACKETSTORM: 52529 // CNNVD: CNNVD-200701-592 // NVD: CVE-2007-0613

REFERENCES

url:	http://projects.info-pull.com/moab/moab-29-01-2007.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/22304	Trust: 1.7
url:	http://www.osvdb.org/32698	Trust: 1.7
url:	http://www.osvdb.org/32699	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=305214	Trust: 1.6
url:	http://secunia.com/advisories/24479/	Trust: 1.6
url:	http://securitytracker.com/alerts/2007/mar/1017751.html	Trust: 1.6
url:	http://projects.info-pull.com/mokb/mokb-26-11-2006.html	Trust: 0.9
url:	http://secunia.com/advisories/23088/	Trust: 0.9
url:	http://projects.info-pull.com/mokb/bug-files/mokb-26-11-2006.bz2	Trust: 0.8
url:	http://www.securityfocus.com/bid/21291	Trust: 0.8
url:	http://projects.info-pull.com/mokb/mokb-09-11-2006.html	Trust: 0.8
url:	http://secunia.com/advisories/22808/	Trust: 0.8
url:	http://www.securityfocus.com/bid/20982	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0613	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0613	Trust: 0.8
url:	http://docs.info.apple.com/article.html?artnum=305102	Trust: 0.3
url:	http://www.apple.com/ichat/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/products/48/?r=l	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/15/?r=l	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

LMH lmh@info-pull.com

Trust: 0.6

sources: CNNVD: CNNVD-200701-592

SOURCES

db:	CERT/CC	id:	VU#346656
db:	CERT/CC	id:	VU#765096
db:	VULHUB	id:	VHN-23975
db:	BID	id:	22304
db:	JVNDB	id:	JVNDB-2007-001482
db:	PACKETSTORM	id:	52529
db:	CNNVD	id:	CNNVD-200701-592
db:	NVD	id:	CVE-2007-0613

LAST UPDATE DATE

2024-09-19T21:28:04.282000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#346656	date:	2007-03-30T00:00:00
db:	CERT/CC	id:	VU#765096	date:	2007-07-21T00:00:00
db:	VULHUB	id:	VHN-23975	date:	2008-09-05T00:00:00
db:	BID	id:	22304	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-001482	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-592	date:	2007-02-02T00:00:00
db:	NVD	id:	CVE-2007-0613	date:	2008-09-05T21:18:21.727

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#346656	date:	2007-03-14T00:00:00
db:	CERT/CC	id:	VU#765096	date:	2007-03-14T00:00:00
db:	VULHUB	id:	VHN-23975	date:	2007-01-31T00:00:00
db:	BID	id:	22304	date:	2007-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2007-001482	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	52529	date:	2006-11-28T00:52:20
db:	CNNVD	id:	CNNVD-200701-592	date:	2007-01-31T00:00:00
db:	NVD	id:	CVE-2007-0613	date:	2007-01-31T11:28:00