CVE-2007-0229
Apple Mac OSX 10.4.8 - DMG UFS FFS_MountFS Integer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
Un desbordamiento de enteros en la función ffs_mountfs en Mac OS X versión 10.4.8 y FreeBSD versión 6.1, permite a los usuarios locales causar una denegación de servicio (pánico) y posiblemente conseguir privilegios por medio de una imagen DMG diseñada que causa la "allocation of a negative size buffer" conllevando a un desbordamiento de búfer en la región heap de la memoria, un problema relacionado con CVE-2006-5679. NOTA: un tercero declara que este problema no cruza los límites de privilegios en FreeBSD porque solo el root puede montar un sistema de archivos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-10 First Exploit
- 2007-01-12 CVE Reserved
- 2007-01-13 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html | X_refsource_misc | |
| http://docs.info.apple.com/article.html?artnum=305214 | X_refsource_confirm | |
| http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html | Mailing List | |
| http://secunia.com/advisories/24479 | Third Party Advisory | |
| http://www.osvdb.org/32684 | Vdb Entry | |
| http://www.securityfocus.com/bid/21993 | Vdb Entry | |
| http://www.securitytracker.com/id?1017751 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-072A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31409 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29441 | 2007-01-10 | |
| http://projects.info-pull.com/moab/MOAB-10-01-2007.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | 2017-07-29 | |
| http://secunia.com/advisories/23703 | 2017-07-29 | |
| http://www.vupen.com/english/advisories/2007/0141 | 2017-07-29 | |
| http://www.vupen.com/english/advisories/2007/0930 | 2017-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.8 Search vendor "Apple" for product "Mac Os X" and version "10.4.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.4.8 Search vendor "Apple" for product "Mac Os X Server" and version "10.4.8" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.1 Search vendor "Freebsd" for product "Freebsd" and version "6.1" | - |
Affected
| ||||||