CVE-2007-0749
https://notcve.org/view.php?id=CVE-2007-0749
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. Múltiples desbordamientos de búfer basado en pila en la función is_command en proxy.c en Apple Darwin Streaming Proxy, cuando se utiliza en Darwin Streaming Server anterior a 5.5.5, permite a atacantes remotos ejecutar código de su elección a través de un valor (1)cmd largo o (2)server en una respuesta RTSP. • http://docs.info.apple.com/article.html?artnum=305495 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533 http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html http://osvdb.org/35976 http://secunia.com/advisories/25193 http://www.securityfocus.com/bid/23918 http://www.securitytracker.com/id?1018047 http://www.vupen.com/english/advisories/2007/1770 https://exchange.xforce.ibmcloud.com/vulnerabilities/34222 •
CVE-2007-0745
https://notcve.org/view.php?id=CVE-2007-0745
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. El Apple Security Update 2007-004 utiliza un archivo de configuración incorrecta para TPServer en Apple Mac OS X Server 10.4.9, lo cual podría permitir a usuario validados acceder a directorios adicionales. • http://lists.apple.com/archives/security-announce/2007/May/msg00000.html http://www.osvdb.org/34869 http://www.securitytracker.com/id?1017990 https://exchange.xforce.ibmcloud.com/vulnerabilities/34001 •
CVE-2007-0747
https://notcve.org/view.php?id=CVE-2007-0747
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. load_webdav en Apple Mac OS X 10.3.9 hasta la 10.4.9 no limpia de forma adecuada el marco cuando esta montado el sitema de archivos WebDAV, lo cual permite a usuarios locales ganar privilegios a través de la configuración de variables de entorno no especificadas. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.kb.cert.org/vuls/id/474969 http://www.osvdb.org/34871 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017942 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •
CVE-2007-0736
https://notcve.org/view.php?id=CVE-2007-0736
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap. Desbordamiento de entero en la librería RPC de Libinfo en Apple Mac OS X 10.3.9 hasta 10.4.9 permite a atacantes remotos ejecutar código de su elección mediante peticiones manipuladas a portmap. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.osvdb.org/34861 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017942 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 https://exchange.xforce.ibmcloud.com/vulnerabilities/33782 •
CVE-2007-0735
https://notcve.org/view.php?id=CVE-2007-0735
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. Vulnerabilidad de uso después de la liberación (Use-After-Free) en Libinfo en Apple Mac OS X 10.3.9 hasta la 10.4.9 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados afectadndo a páginas web manipuladas que disparán ciertas condiciones de error que no son informadas ed forma adecuada bajo ciertas circustancias, desembocando en un acceso a memoria no asignada. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.osvdb.org/34860 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017942 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •