Sign-up

ID

VAR-200701-0516


CVE

CVE-2007-0021


TITLE

Apple iChat AIM URI handler format string vulnerability

Trust: 0.8

sources: CERT/CC: VU#794752

DESCRIPTION

Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. A vulnerability in the way Apple Mac OS X handles corrupted Universal Mach-O Binaries may result in execution of arbitrary code or denial of service. Apple iChat is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. The vulnerability exists due to an error in the "fpathconf()" syscall when it is called with an unsupported file type and can be exploited to cause a system panic. The vulnerability is confirmed in version 10.4.8. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Initially discovered in FreeBSD and reported in Mac OS X by Ilja Van Sprundel. ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-09-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.23

sources: NVD: CVE-2007-0021 // CERT/CC: VU#794752 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // JVNDB: JVNDB-2007-000072 // BID: 22146 // VULHUB: VHN-23383 // PACKETSTORM: 51846

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:ichatscope:eqversion:3.1.6

Trust: 1.9

vendor:applemodel:mac os xscope:eqversion:v10.3.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.x

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.3.x

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.x

Trust: 0.8

sources: CERT/CC: VU#794752 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // BID: 22146 // JVNDB: JVNDB-2007-000072 // CNNVD: CNNVD-200701-384 // NVD: CVE-2007-0021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0021
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#794752
value: 11.85

Trust: 0.8

CARNEGIE MELLON: VU#346656
value: 17.10

Trust: 0.8

CARNEGIE MELLON: VU#765096
value: 5.18

Trust: 0.8

NVD: CVE-2007-0021
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-384
value: HIGH

Trust: 0.6

VULHUB: VHN-23383
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0021
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23383
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#794752 // CERT/CC: VU#346656 // CERT/CC: VU#765096 // VULHUB: VHN-23383 // JVNDB: JVNDB-2007-000072 // CNNVD: CNNVD-200701-384 // NVD: CVE-2007-0021

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-384

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200701-384

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-000072

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-23383

PATCH
title:Security Update 2007-002 (Panther)url:http://www.apple.com/support/downloads/securityupdate2007002panther.html
Trust: 0.8
title:Security Update 2007-002 (PPC)url:http://www.apple.com/support/downloads/securityupdate2007002ppc.html
Trust: 0.8
title:Security Update 2007-002 (Universal)url:http://www.apple.com/support/downloads/securityupdate2007002universal.html
Trust: 0.8
title:Security Update 2007-002url:http://docs.info.apple.com/article.html?artnum=305102-en
Trust: 0.8
title:Security Update 2007-002url:http://docs.info.apple.com/article.html?artnum=305102-ja
Trust: 0.8
title:Security Update 2007-002 (PPC)url:http://www.apple.com/jp/ftp-info/reference/securityupdate2007002ppc.html
Trust: 0.8
title:Security Update 2007-002 (Universal)url:http://www.apple.com/jp/ftp-info/reference/securityupdate2007002universal.html
Trust: 0.8
title:Security Update 2007-002 (Panther)url:http://www.apple.com/jp/ftp-info/reference/securityupdate2007002panther.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-000072

EXTERNAL IDS
db:BIDid:22146
Trust: 3.6
db:CERT/CCid:VU#794752
Trust: 3.6
db:SECUNIAid:24198
Trust: 3.3
db:NVDid:CVE-2007-0021
Trust: 2.8
db:SECTRACKid:1017661
Trust: 2.5
db:USCERTid:TA07-047A
Trust: 2.5
db:OSVDBid:32715
Trust: 1.7
db:VUPENid:ADV-2007-0274
Trust: 1.7
db:SECUNIAid:24479
Trust: 1.6
db:SECTRACKid:1017751
Trust: 1.6
db:SECUNIAid:22808
Trust: 0.9
db:SECUNIAid:23088
Trust: 0.8
db:BIDid:21291
Trust: 0.8
db:CERT/CCid:VU#346656
Trust: 0.8
db:BIDid:20982
Trust: 0.8
db:CERT/CCid:VU#765096
Trust: 0.8
db:USCERTid:SA07-047A
Trust: 0.8
db:JVNDBid:JVNDB-2007-000072
Trust: 0.8
db:CNNVDid:CNNVD-200701-384
Trust: 0.7
db:CERT/CCid:TA07-047A
Trust: 0.6
db:XFid:31679
Trust: 0.6
db:APPLEid:APPLE-SA-2007-02-15
Trust: 0.6
db:EXPLOIT-DBid:3166
Trust: 0.1
db:PACKETSTORMid:53872
Trust: 0.1
db:VULHUBid:VHN-23383
Trust: 0.1
db:PACKETSTORMid:51846
Trust: 0.1
sources:
            
            
            CERT/CC: VU#794752 // 
            
            
            
            CERT/CC: VU#346656 // 
            
            
            
            CERT/CC: VU#765096 // 
            
            
            
            VULHUB: VHN-23383 // 
            
            
            
            BID: 22146 // 
            
            
            
            JVNDB: JVNDB-2007-000072 // 
            
            
            
            PACKETSTORM: 51846 // 
            
            
            
            CNNVD: CNNVD-200701-384 // 
            
            
            
            NVD: CVE-2007-0021

REFERENCES
url:http://www.securityfocus.com/bid/22146
Trust: 3.3
url:http://projects.info-pull.com/moab/moab-20-01-2007.html
Trust: 2.8
url:http://www.kb.cert.org/vuls/id/794752
Trust: 2.8
url:http://docs.info.apple.com/article.html?artnum=305102
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta07-047a.html
Trust: 2.5
url:http://lists.apple.com/archives/security-announce/2007/feb/msg00000.html
Trust: 1.7
url:http://osvdb.org/32715
Trust: 1.7
url:http://www.securitytracker.com/id?1017661
Trust: 1.7
url:http://secunia.com/advisories/24198
Trust: 1.7
url:http://secunia.com/advisories/24198/
Trust: 1.6
url:http://docs.info.apple.com/article.html?artnum=305214
Trust: 1.6
url:http://secunia.com/advisories/24479/
Trust: 1.6
url:http://securitytracker.com/alerts/2007/mar/1017751.html
Trust: 1.6
url:http://www.vupen.com/english/advisories/2007/0274
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31679
Trust: 1.1
url:http://projects.info-pull.com/mokb/mokb-09-11-2006.html
Trust: 0.9
url:http://secunia.com/advisories/22808/
Trust: 0.9
url:http://securitytracker.com/alerts/2007/feb/1017661.html
Trust: 0.8
url:http://projects.info-pull.com/mokb/mokb-26-11-2006.html
Trust: 0.8
url:http://projects.info-pull.com/mokb/bug-files/mokb-26-11-2006.bz2
Trust: 0.8
url:http://secunia.com/advisories/23088/
Trust: 0.8
url:http://www.securityfocus.com/bid/21291
Trust: 0.8
url:http://www.securityfocus.com/bid/20982
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0021
Trust: 0.8
url:http://jvn.jp/cert/jvnta07-047a/index.html
Trust: 0.8
url:http://jvn.jp/tr/trta07-047a/index.html
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0021
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa07-047a.html
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/0274
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/31679
Trust: 0.6
url:http://www.apple.com/ichat/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://corporate.secunia.com/products/48/?r=l
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/96/
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/15/?r=l
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#794752 // 
            
            
            
            CERT/CC: VU#346656 // 
            
            
            
            CERT/CC: VU#765096 // 
            
            
            
            VULHUB: VHN-23383 // 
            
            
            
            BID: 22146 // 
            
            
            
            JVNDB: JVNDB-2007-000072 // 
            
            
            
            PACKETSTORM: 51846 // 
            
            
            
            CNNVD: CNNVD-200701-384 // 
            
            
            
            NVD: CVE-2007-0021

CREDITS
LMH
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200701-384

SOURCES
db:CERT/CCid:VU#794752
db:CERT/CCid:VU#346656
db:CERT/CCid:VU#765096
db:VULHUBid:VHN-23383
db:BIDid:22146
db:JVNDBid:JVNDB-2007-000072
db:PACKETSTORMid:51846
db:CNNVDid:CNNVD-200701-384
db:NVDid:CVE-2007-0021

LAST UPDATE DATE
2024-09-19T21:29:58.621000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#794752date:2007-03-05T00:00:00
db:CERT/CCid:VU#346656date:2007-03-30T00:00:00
db:CERT/CCid:VU#765096date:2007-07-21T00:00:00
db:VULHUBid:VHN-23383date:2017-07-29T00:00:00
db:BIDid:22146date:2007-02-20T20:27:00
db:JVNDBid:JVNDB-2007-000072date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200701-384date:2007-01-22T00:00:00
db:NVDid:CVE-2007-0021date:2017-07-29T01:29:54.547

SOURCES RELEASE DATE
db:CERT/CCid:VU#794752date:2007-02-16T00:00:00
db:CERT/CCid:VU#346656date:2007-03-14T00:00:00
db:CERT/CCid:VU#765096date:2007-03-14T00:00:00
db:VULHUBid:VHN-23383date:2007-01-23T00:00:00
db:BIDid:22146date:2007-01-20T00:00:00
db:JVNDBid:JVNDB-2007-000072date:2007-04-01T00:00:00
db:PACKETSTORMid:51846date:2006-11-10T16:02:24
db:CNNVDid:CNNVD-200701-384date:2007-01-22T00:00:00
db:NVDid:CVE-2007-0021date:2007-01-23T00:28:00