Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
BID:25159
CVE-2006-2842 | CVE-2006-3174 | CVE-2006-4019
| Bugtraq ID: | 25159 |
| Class: | Unknown |
| CVE: | CVE-2007-2403, CVE-2007-2404, CVE-2007-3745, CVE-2007-3746, CVE-2007-3747, CVE-2007-3748, CVE-2007-3744, CVE-2007-2405, CVE-2007-2406, CVE-2007-2407, CVE-2007-0478, CVE-2007-2409, CVE-2007-2410 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 01 2007 12:00AM |
| Updated: | Aug 08 2007 12:34AM |
| Credit: | These issues were disclosed by the vendor. The following are credited with some of the discoveries: Steven Kramer, Mike Matz, Secunia Research, and Neil Kettle (mu-b) of www.digit-labs.org. |
| Vulnerable: | Apple Mac OS X Server 10.4.10, 10.4.9, 10.4.8, 10.4.7, 10.4.6, 10.4.5, 10.4.4, 10.4.3, 10.4.2, 10.4.1, 10.4, 10.3.9, 10.3.8, 10.3.7, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2, 10.3.1, 10.3; Apple Mac OS X 10.4.10, 10.4.9, 10.4.8, 10.4.7, 10.4.6, 10.4.5, 10.4.4, 10.4.3, 10.4.2, 10.4.1, 10.4, 10.3.9, 10.3.8, 10.3.7, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2, 10.3.1, 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
Exploit / POC
Some of these issues will require an attacker to entice a victim into visiting a malicious webpage or opening a malicious file. Other issues will require the attacker to send malformed network packets.
Solution / Fix
Solution:
A vendor advisory is available to address these issues. Please see the referenced advisory for more information.
Apple Mac OS X Server 10.3.9
- Apple SecUpdSrvr2007-007Pan.dmg For Mac OS X Server v10.3.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.3.9
- Apple SecUpd2007-007Pan.dmg For Mac OS X v10.3.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.10
- Apple SecUpd2007-007Ti.dmg For Mac OS X v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/
- Apple SecUpd2007-007Univ.dmg For Mac OS X v10.4.10 (Universal)
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.10
- Apple SecUpdSrvr2007-007Ti.dmg For Mac OS X Server v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/
- Apple SecUpdSrvr2007-007Universal.dmg For Mac OS X Server v10.4.10 (Universal)
  http://www.apple.com/support/downloads/
References
References:
- Mac OS X Homepage (Apple)
- iDefense Security Advisory 08.07.07: Apple Mac OS X mDNSResponder HTTP Request H (iDefense Labs)