CVSS: 9.0EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4690
https://notcve.org/view.php?id=CVE-2007-4690
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. Una vulnerabilidad de doble liberación en el componente NFS en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de un paquete RPC AUTH_UNIX diseñado. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://www.securityfocus.com/bid/26444 http://www.securitytracker.com/id?1018949 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38477 • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 1CVE-2007-4684 – Apple Mac OSX 10.4.x Kernel - 'i386_set_ldt()' Integer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-4684
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. Un desbordamiento de enteros en el Kernel en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de un argumento num_sels largo en la llamada de sistema i386_set_ldt. • https://www.exploit-db.com/exploits/4624 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058522.html http://risesecurity.org/advisory/RISE-2007004 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/archive/1/483793/100/0/threaded http://www.securityfocus.com/bid/26444 http://www.us- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3749
https://notcve.org/view.php?id=CVE-2007-3749
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. El kernel en Apple Mac OS X versiones 10.4 hasta 10.4.10, no restablece el actual Puerto del Subproceso (Hilo) Mach o Puerto de Excepción de Subproceso (Hilo) cuando se ejecuta un programa setuid, lo que permite a usuarios locales ejecutar código arbitrario mediante la creación del puerto antes de iniciar el programa setuid, luego escribiendo en el espacio de direcciones del proceso setuid. • http://docs.info.apple.com/article.html?artnum=307041 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38466 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4268
https://notcve.org/view.php?id=CVE-2007-4268
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. Un error en la propiedad signedness de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de un mensaje de AppleTalk diseñado con un valor negativo, que satisface una comparación firmada durante la asignación de mbuf pero que luego es interpretada como un valor sin firmar, lo que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://docs.info.apple.com/article.html?artnum=307041 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38476 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4678
https://notcve.org/view.php?id=CVE-2007-4678
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. AppleRAID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.10 permite a atacantes provocar una denegación de servicio (caída) mediante una imagen de disco dañada por manipulación, lo cual provoca una referencia a un puntero nulo cuando es montada. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38461 •