Details of VAR-200702-0471

ID

VAR-200702-0471

CVE

CVE-2007-1071

TITLE

Apple Mac OS X ImageIO integer overflow vulnerability

Trust: 0.8

sources: CERT/CC: VU#559444

DESCRIPTION

Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. Apple Mac OS X of ImageIO of gifGetBandProc The function contains an integer overflow vulnerability. Remote attackers may use this vulnerability to control the user's machine. When decompressing specially crafted .gif files, the gifGetBandProc function in ImageIO did not correctly parse malformed data, resulting in denial of service or execution of arbitrary commands. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Mac OS X Mach-O Universal Binary Memory Corruption SECUNIA ADVISORY ID: SA23088 VERIFY ADVISORY: http://secunia.com/advisories/23088/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: Local system OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused due to an error in the fatfile_getarch2() function. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-26-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-1071 // CERT/CC: VU#559444 // JVNDB: JVNDB-2007-001604 // BID: 22630 // VULHUB: VHN-24433 // PACKETSTORM: 52529

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 2.4
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.4.8	Trust: 1.6
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.4.9	Trust: 0.3

sources: CERT/CC: VU#559444 // BID: 22630 // JVNDB: JVNDB-2007-001604 // CNNVD: CNNVD-200702-441 // NVD: CVE-2007-1071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1071
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#559444
value:	2.07
Trust: 0.8
NVD:	CVE-2007-1071
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200702-441
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24433
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-1071
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24433
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#559444 // VULHUB: VHN-24433 // JVNDB: JVNDB-2007-001604 // CNNVD: CNNVD-200702-441 // NVD: CVE-2007-1071

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-441

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200702-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001604

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-24433

PATCH

title:

APPLE-SA-2007-03-13

url:

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001604

EXTERNAL IDS

db:	CERT/CC	id:	VU#559444	Trust: 3.6
db:	BID	id:	22630	Trust: 2.8
db:	NVD	id:	CVE-2007-1071	Trust: 2.8
db:	SECUNIA	id:	24479	Trust: 2.5
db:	SECTRACK	id:	1017758	Trust: 2.5
db:	USCERT	id:	TA07-072A	Trust: 2.5
db:	VUPEN	id:	ADV-2007-0930	Trust: 1.7
db:	OSVDB	id:	34854	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001604	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-441	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2007-03-13	Trust: 0.6
db:	CERT/CC	id:	TA07-072A	Trust: 0.6
db:	SEEBUG	id:	SSVID-83112	Trust: 0.1
db:	EXPLOIT-DB	id:	29620	Trust: 0.1
db:	VULHUB	id:	VHN-24433	Trust: 0.1
db:	SECUNIA	id:	23088	Trust: 0.1
db:	PACKETSTORM	id:	52529	Trust: 0.1

sources: CERT/CC: VU#559444 // VULHUB: VHN-24433 // BID: 22630 // JVNDB: JVNDB-2007-001604 // PACKETSTORM: 52529 // CNNVD: CNNVD-200702-441 // NVD: CVE-2007-1071

REFERENCES

url:	http://www.kb.cert.org/vuls/id/559444	Trust: 2.8
url:	http://docs.info.apple.com/article.html?artnum=305214	Trust: 2.5
url:	http://www.securityfocus.com/bid/22630	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta07-072a.html	Trust: 2.5
url:	http://security-protocols.com/sp-x39-advisory.php	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html	Trust: 1.7
url:	http://www.osvdb.org/34854	Trust: 1.7
url:	http://www.securitytracker.com/id?1017758	Trust: 1.7
url:	http://secunia.com/advisories/24479	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/0930	Trust: 1.1
url:	http://developer.apple.com/graphicsimaging/workingwithimageio.html	Trust: 0.8
url:	http://secunia.com/advisories/24479/	Trust: 0.8
url:	https://www.securecoding.cert.org/confluence/display/seccode/int32-c.+ensure+that+integer+operations+do+not+result+in+an+overflow	Trust: 0.8
url:	http://en.wikipedia.org/wiki/gif	Trust: 0.8
url:	http://securitytracker.com/alerts/2007/mar/1017758.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1071	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1071	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0930	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://projects.info-pull.com/mokb/mokb-26-11-2006.html	Trust: 0.1
url:	http://corporate.secunia.com/products/48/?r=l	Trust: 0.1
url:	http://secunia.com/advisories/23088/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/15/?r=l	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#559444 // VULHUB: VHN-24433 // BID: 22630 // JVNDB: JVNDB-2007-001604 // PACKETSTORM: 52529 // CNNVD: CNNVD-200702-441 // NVD: CVE-2007-1071

CREDITS

Tom Ferris

Trust: 0.6

sources: CNNVD: CNNVD-200702-441

SOURCES

db:	CERT/CC	id:	VU#559444
db:	VULHUB	id:	VHN-24433
db:	BID	id:	22630
db:	JVNDB	id:	JVNDB-2007-001604
db:	PACKETSTORM	id:	52529
db:	CNNVD	id:	CNNVD-200702-441
db:	NVD	id:	CVE-2007-1071

LAST UPDATE DATE

2024-09-19T19:43:25.116000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#559444	date:	2007-10-01T00:00:00
db:	VULHUB	id:	VHN-24433	date:	2011-03-08T00:00:00
db:	BID	id:	22630	date:	2007-03-15T03:34:00
db:	JVNDB	id:	JVNDB-2007-001604	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-441	date:	2007-03-26T00:00:00
db:	NVD	id:	CVE-2007-1071	date:	2011-03-08T02:51:14.987

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#559444	date:	2007-03-14T00:00:00
db:	VULHUB	id:	VHN-24433	date:	2007-02-22T00:00:00
db:	BID	id:	22630	date:	2007-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2007-001604	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	52529	date:	2006-11-28T00:52:20
db:	CNNVD	id:	CNNVD-200702-441	date:	2007-02-22T00:00:00
db:	NVD	id:	CVE-2007-1071	date:	2007-02-22T22:28:00