CVE-2007-4268

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307041	Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628	Broken Link
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html	Mailing List Vendor Advisory
http://secunia.com/advisories/27643	Broken Link
http://securitytracker.com/id?1018950	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/26444	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-319A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/3868	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/38476	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-11-15 01:46

Updated : 2024-02-02 02:35

NVD link : CVE-2007-4268

Mitre link : CVE-2007-4268

CVE.ORG link : CVE-2007-4268

JSON object : View

Products Affected

apple

mac_os_x

CWE

CWE-681

Incorrect Conversion between Numeric Types

{"id": "CVE-2007-4268", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2007-11-15T01:46:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=307041", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27643", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1018950", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26444", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3868", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38476", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-681"}]}], "descriptions": [{"lang": "en", "value": "Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Un error en la propiedad signedness de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar c\u00f3digo arbitrario por medio de un mensaje de AppleTalk dise\u00f1ado con un valor negativo, que satisface una comparaci\u00f3n firmada durante la asignaci\u00f3n de mbuf pero que luego es interpretada como un valor sin firmar, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."}], "lastModified": "2024-02-02T02:35:40.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9822D0-73F1-4B57-ADB5-0EBA7F78C7F1", "versionEndIncluding": "10.4.10", "versionStartIncluding": "10.4.0"}], "operator": "OR"}]}], "evaluatorImpact": "\"By sending a maliciously crafted AppleTalk message, a local user may\ncause an unexpected system shutdown or arbitrary code execution with\nsystem privileges.\"", "sourceIdentifier": "cve@mitre.org"}