CVE-2007-6261 – Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6261
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
• https://www.exploit-db.com/exploits/4689 http://secunia.com/advisories/27884 http://www.digit-labs.org/files/exploits/xnu-macho-dos.c http://www.securityfocus.com/bid/26700 http://www.vupen.com/english/advisories/2007/4095 https://exchange.xforce.ibmcloud.com/vulnerabilities/38854
• CWE-189: Numeric Errors
CVE-2007-6166 – Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2007-6166
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
• https://www.exploit-db.com/exploits/4648 https://www.exploit-db.com/exploits/16873 https://www.exploit-db.com/exploits/6013 https://www.exploit-db.com/exploits/4657 https://www.exploit-db.com/exploits/4664 https://www.exploit-db.com/exploits/4651 https://www.exploit-db.com/exploits/11027 https://www.exploit-db.com/exploits/16424 http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http:/&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6165 – Apple Mail.app - Image Attachment Command Execution
https://notcve.org/view.php?id=CVE-2007-6165
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
• https://www.exploit-db.com/exploits/16870 https://www.exploit-db.com/exploits/30781 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/27785 http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.heise-security.co.uk/news/99257 http://www.kb.cert.org/vuls/id/433819 http://www.securityfocus.com/bid/26510 http://www.us-cert.gov/
• CWE-20: Improper Input Validation
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2007-4702
https://notcve.org/view.php?id=CVE-2007-4702
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
• http://docs.info.apple.com/article.html?artnum=307004 http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html http://secunia.com/advisories/27695 http://securitytracker.com/id?1018958 http://www.securityfocus.com/bid/26461 http://www.vupen.com/english/advisories/2007/3897 https://exchange.xforce.ibmcloud.com/vulnerabilities/38506
CVE-2007-4703
https://notcve.org/view.php?id=CVE-2007-4703
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
• http://docs.info.apple.com/article.html?artnum=307004 http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html http://secunia.com/advisories/27695 http://securitytracker.com/id?1018958 http://www.securityfocus.com/bid/26460 http://www.vupen.com/english/advisories/2007/3897 https://exchange.xforce.ibmcloud.com/vulnerabilities/38479