CVE-2007-0729
https://notcve.org/view.php?id=CVE-2007-0729
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. El cliente Apple File Protocol (AFP) en Apple Mac OS X 10.3.9 hasta la 10.4.9 no limpia de forma adecuada el entorno antes de la ejecución de comandos, lo cual permite a usuarios locales ganar privilegios a través de la configuración de variables de entorno no especificadas. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.kb.cert.org/vuls/id/312424 http://www.osvdb.org/34858 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017944 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-0897
https://notcve.org/view.php?id=CVE-2007-0897
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. Clam AntiVirus ClamAV anterior a 0.90 no cierra los descriptores de apertura de ficheros bajo ciertas condiciones, lo cual permite a atacantes remotos provocar denegación de servicio (consumo del descriptor de fichero y fallo de escaneo) a través de archivos CAB con una longitud de registro con una cabecera cabinet(.CAB) de cero, lo cual provoca que una función retorne sin cerrar el descriptor de fichero. • http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html http://osvdb.org/32283 http://secunia.com/advisories/24183 http://secunia.com/advisories/24187 http://secunia.com/advisories/24192 http://secunia.com/advisories/24319 http://secunia.com/advisories/24332 http:/ • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://secunia.com/advisories& • CWE-415: Double Free •
CVE-2006-4866 – Apple Mac OSX 10.x - KExtLoad Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4866
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. Desbordamiento de buffer en kextload en Apple OS X, como ha sido usado por TDIXSupport en Roxio Toast Titanium y posiblemente otros productos, permite a usuarios locales ejecutar código de su elección vía un argumento con extensión larga. • https://www.exploit-db.com/exploits/28578 http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt http://www.securityfocus.com/bid/20034 •
CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories • CWE-617: Reachable Assertion •