CVE-2007-0267

Apple Mac OSX 10.4.8 - DMG UFS UFS_LookUp Denial of Service

Severity Score

6.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.

La función ufs_lookup en los kernel de Mac OS X versión 10.4.8 y FreeBSD versión 6.1, permite a los usuarios locales causar una denegación de servicio (pánico del kernel) y posiblemente corromper otros sistemas de archivos mediante el montaje de una imagen DMG del Sistema de archivos UNIX (UFS) que contiene una entrada de directorio corrupta (estructura directa), relacionada con la función ufs_dirbad. NOTA: un tercero declara que el problema de FreeBSD no cruza los límites de privilegios.

*Credits: N/A

CVSS Scores

NISTv2 6.6

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-01-13 First Exploit
2007-01-16 CVE Reserved
2007-01-17 CVE Published
2024-08-07 CVE Updated
2024-09-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors

CAPEC

References (13)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=305214	X_refsource_confirm
http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html	Mailing List
http://projects.info-pull.com/moab/MOAB-12-01-2007.html	X_refsource_misc
http://www.osvdb.org/32686	Vdb Entry
http://www.securityfocus.com/bid/22036	Vdb Entry
http://www.securitytracker.com/id?1017751	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-072A.html	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/29452	2007-01-13

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	2011-06-10
http://secunia.com/advisories/23721	2011-06-10
http://secunia.com/advisories/24479	2011-06-10
http://www.vupen.com/english/advisories/2007/0171	2011-06-10
http://www.vupen.com/english/advisories/2007/0930	2011-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				10.4.8 Search vendor "Apple" for product "Mac Os X" and version "10.4.8"		-		Affected
Freebsd Search vendor "Freebsd"		Freebsd Search vendor "Freebsd" for product "Freebsd"				6.1 Search vendor "Freebsd" for product "Freebsd" and version "6.1"		-		Affected