Details of VAR-200701-0341

ID

VAR-200701-0341

CVE

CVE-2007-0614

TITLE

Apple Mac OS X fails to properly handle corrupted Universal Mach-O Binaries

Trust: 0.8

sources: CERT/CC: VU#346656

DESCRIPTION

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. A vulnerability in the way Apple Mac OS X handles corrupted Universal Mach-O Binaries may result in execution of arbitrary code or denial of service. According to Apple information, iChat of Bonjour In message processing NULL Pointer Dereferencing causes the application to crash.Third parties on the local network can cause the application to crash. Apple iChat is prone to multiple remote denial-of-service vulnerabilities. These issues affect the Bonjour functionality. Apple iChat 3.1.6 is reported affected; other versions may be vulnerable as well. Apple iChat is a video chat tool bundled with Apple's family of operating systems. Several denial-of-service vulnerabilities exist in iChat's Bonjour feature, which allows automatic discovery of computers. There are no restrictions on finding available contacts via mDNS queries, iChat will add the broadcasted _presence._tcp record even if the contact does not exist, so a malicious user can broadcast a fake record so that iChat users using Bonjour cannot discover more peers, unable to communicate reliably. In addition, the iChat agent may have an exception when processing a specially crafted TXT key hash, resulting in a crash when sending a SIGTRAP signal to the process. Trying to start iChat Bonjour again will fail because mDNSResponder keeps a specially crafted record. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Mac OS X Mach-O Universal Binary Memory Corruption SECUNIA ADVISORY ID: SA23088 VERIFY ADVISORY: http://secunia.com/advisories/23088/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: Local system OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused due to an error in the fatfile_getarch2() function. This can be exploited to cause an integer overflow and may potentially allow execution of arbitrary code with kernel privileges via a specially crafted Mach-O Universal binary. The vulnerability is reported in a fully patched Mac OS X (2006-11-26). SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-26-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2007-0614 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // JVNDB: JVNDB-2007-000102 // BID: 22304 // VULHUB: VHN-23976 // PACKETSTORM: 52529

AFFECTED PRODUCTS

vendor:	apple	model:	ichat	scope:	eq	version:	3.1.6	Trust: 2.7
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple	model:	instant message framework	scope:	eq	version:	428	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.3.x	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.x	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.3.x	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.x	Trust: 0.8

sources: CERT/CC: VU#346656 // CERT/CC: VU#765096 // BID: 22304 // JVNDB: JVNDB-2007-000102 // CNNVD: CNNVD-200701-594 // NVD: CVE-2007-0614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0614
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#346656
value:	17.10
Trust: 0.8
CARNEGIE MELLON:	VU#765096
value:	5.18
Trust: 0.8
NVD:	CVE-2007-0614
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-594
value:	HIGH
Trust: 0.6
VULHUB:	VHN-23976
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0614
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23976
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23976 // JVNDB: JVNDB-2007-000102 // CNNVD: CNNVD-200701-594 // NVD: CVE-2007-0614

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-594

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200701-594

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000102

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23976

PATCH

title:	Security Update 2007-002 (PPC)	url:	http://www.apple.com/support/downloads/securityupdate2007002ppc.html	Trust: 0.8
title:	Security Update 2007-002 (Universal)	url:	http://www.apple.com/support/downloads/securityupdate2007002universal.html	Trust: 0.8
title:	Security Update 2007-002 (Panther)	url:	http://www.apple.com/support/downloads/securityupdate2007002panther.html	Trust: 0.8
title:	Security Update 2007-002	url:	http://docs.info.apple.com/article.html?artnum=305102-en	Trust: 0.8
title:	Security Update 2007-002	url:	http://docs.info.apple.com/article.html?artnum=305102-ja	Trust: 0.8
title:	Security Update 2007-002 (Panther)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate2007002panther.html	Trust: 0.8
title:	Security Update 2007-002 (PPC)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate2007002ppc.html	Trust: 0.8
title:	Security Update 2007-002 (Universal)	url:	http://www.apple.com/jp/ftp-info/reference/securityupdate2007002universal.html	Trust: 0.8

sources: JVNDB: JVNDB-2007-000102

EXTERNAL IDS

db:	BID	id:	22304	Trust: 2.8
db:	NVD	id:	CVE-2007-0614	Trust: 2.8
db:	SECTRACK	id:	1017661	Trust: 2.5
db:	SECUNIA	id:	23945	Trust: 2.5
db:	SECUNIA	id:	24198	Trust: 2.5
db:	OSVDB	id:	32713	Trust: 1.7
db:	SECUNIA	id:	24479	Trust: 1.6
db:	SECTRACK	id:	1017751	Trust: 1.6
db:	SECUNIA	id:	23088	Trust: 0.9
db:	BID	id:	21291	Trust: 0.8
db:	CERT/CC	id:	VU#346656	Trust: 0.8
db:	SECUNIA	id:	22808	Trust: 0.8
db:	BID	id:	20982	Trust: 0.8
db:	CERT/CC	id:	VU#765096	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-000102	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-594	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2007-02-15	Trust: 0.6
db:	EXPLOIT-DB	id:	3230	Trust: 0.1
db:	VULHUB	id:	VHN-23976	Trust: 0.1
db:	PACKETSTORM	id:	52529	Trust: 0.1

sources: CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23976 // BID: 22304 // JVNDB: JVNDB-2007-000102 // PACKETSTORM: 52529 // CNNVD: CNNVD-200701-594 // NVD: CVE-2007-0614

REFERENCES

url:	http://www.securityfocus.com/bid/22304	Trust: 2.5
url:	http://www.securitytracker.com/id?1017661	Trust: 2.5
url:	http://docs.info.apple.com/article.html?artnum=305102	Trust: 2.0
url:	http://projects.info-pull.com/moab/moab-29-01-2007.html	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2007/feb/msg00000.html	Trust: 1.7
url:	http://www.osvdb.org/32713	Trust: 1.7
url:	http://secunia.com/advisories/23945	Trust: 1.7
url:	http://secunia.com/advisories/24198	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=305214	Trust: 1.6
url:	http://secunia.com/advisories/24479/	Trust: 1.6
url:	http://securitytracker.com/alerts/2007/mar/1017751.html	Trust: 1.6
url:	http://projects.info-pull.com/mokb/mokb-26-11-2006.html	Trust: 0.9
url:	http://secunia.com/advisories/23088/	Trust: 0.9
url:	http://projects.info-pull.com/mokb/bug-files/mokb-26-11-2006.bz2	Trust: 0.8
url:	http://www.securityfocus.com/bid/21291	Trust: 0.8
url:	http://projects.info-pull.com/mokb/mokb-09-11-2006.html	Trust: 0.8
url:	http://secunia.com/advisories/22808/	Trust: 0.8
url:	http://www.securityfocus.com/bid/20982	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0614	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0614	Trust: 0.8
url:	http://secunia.com/advisories/23945/	Trust: 0.8
url:	http://secunia.com/advisories/24198/	Trust: 0.8
url:	http://www.apple.com/ichat/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/products/48/?r=l	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/15/?r=l	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

LMH lmh@info-pull.com

Trust: 0.6

sources: CNNVD: CNNVD-200701-594

SOURCES

db:	CERT/CC	id:	VU#346656
db:	CERT/CC	id:	VU#765096
db:	VULHUB	id:	VHN-23976
db:	BID	id:	22304
db:	JVNDB	id:	JVNDB-2007-000102
db:	PACKETSTORM	id:	52529
db:	CNNVD	id:	CNNVD-200701-594
db:	NVD	id:	CVE-2007-0614

LAST UPDATE DATE

2024-09-19T21:03:51.917000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#346656	date:	2007-03-30T00:00:00
db:	CERT/CC	id:	VU#765096	date:	2007-07-21T00:00:00
db:	VULHUB	id:	VHN-23976	date:	2008-09-05T00:00:00
db:	BID	id:	22304	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-000102	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200701-594	date:	2007-01-31T00:00:00
db:	NVD	id:	CVE-2007-0614	date:	2008-09-05T21:18:21.880

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#346656	date:	2007-03-14T00:00:00
db:	CERT/CC	id:	VU#765096	date:	2007-03-14T00:00:00
db:	VULHUB	id:	VHN-23976	date:	2007-01-31T00:00:00
db:	BID	id:	22304	date:	2007-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2007-000102	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	52529	date:	2006-11-28T00:52:20
db:	CNNVD	id:	CNNVD-200701-594	date:	2007-01-31T00:00:00
db:	NVD	id:	CVE-2007-0614	date:	2007-01-31T11:28:00