Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2007-0229

Published: 13/01/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Mac Os X

Vulnerability Summary

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x 10.4.8

apple mac os x server 10.4.8

freebsd freebsd 6.1

Exploits

Exploit DB: Apple Mac OSX 10.4.8 - DMG UFS FFS_MountFS Integer Overflow
source: wwwsecurityfocuscom/bid/21993/info Apple Mac OS X is prone to a remote integer-overflow vulnerability This issue occurs when the UFS filesystem handler fails to handle specially crafted DMG images A successful exploit can allow a remote attacker to execute arbitrary code with kernel-level privileges, leading to the complete com ...

References

CWE-189http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.htmlhttp://projects.info-pull.com/moab/MOAB-10-01-2007.htmlhttp://www.securityfocus.com/bid/21993http://secunia.com/advisories/23703http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.htmlhttp://docs.info.apple.com/article.html?artnum=305214http://www.osvdb.org/32684http://www.securitytracker.com/id?1017751http://secunia.com/advisories/24479http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-072A.htmlhttp://www.vupen.com/english/advisories/2007/0141http://www.vupen.com/english/advisories/2007/0930https://exchange.xforce.ibmcloud.com/vulnerabilities/31409https://nvd.nist.govhttps://www.exploit-db.com/exploits/29441/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook