Immunity Canvas: MU

{"id": "MU", "references": [], "hash": "0ad6c610b819ffbc698ac26ab6f4b7438f988129a8c49435c8fe02a9dc165ccf", "description": "**Name**| mu \n---|--- \n**CVE**| CVE-2007-3744 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| MacOS X 10.4 mDNSResponder UPNP Remote Root Exploit \n**Notes**| CVE Name: CVE-2007-3744 \nNotes: If the target port is not specified, it will be located automatically. \nThis exploit will attempt to bypass the built-in OS X firewall by sending packets \nfrom port 5353. Hence, it currently only works from a LocalNode. \n \nIf you're testing on your own box, and you crash mDNS, by picking the wrong \nversion, you can find the new port via: netstat -an | grep udp4 \n \nIt will likely be 49XXX or 5XXXX. \n \nThis exploit does not work FROM an OS X machine due to UDP packet size limits. Sorry! \n \nVENDOR: Apple \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744 \nCVSS: 5.8 \n\n", "title": "Immunity Canvas: MU", "viewCount": 1, "cvelist": ["CVE-2007-3744"], "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "c54948bab8e876b2c708879f85650f08"}, {"key": "cvss", "hash": "a391df1eee3bdeba4542e387fa0d38a8"}, {"key": "description", "hash": "029170489b993dbbb225324ef4b47014"}, {"key": "href", "hash": "90b92436f15e77f0d2513b6d0fb3b8c7"}, {"key": "modified", "hash": "fcc760f13da027ee20f2cc020e8dc363"}, {"key": "objectVersion", "hash": "777d45bbbcdf50d49c42c70ad7acf5fe"}, {"key": "published", "hash": "fcc760f13da027ee20f2cc020e8dc363"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "403ed403becfd91e34c7d282e2a3b12f"}, {"key": "title", "hash": "6f7052f39ab3cc720c7178596f35c340"}, {"key": "type", "hash": "fcc790c72a86190de1b549d0ddc6f55c"}], "type": "canvas", "history": [], "bulletinFamily": "exploit", "reporter": "Immunity Canvas", "published": "2007-08-03T06:17:00", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/mu", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2016-09-25T14:12:04", "objectVersion": "1.2", "edition": 1, "modified": "2007-08-03T06:17:00", "enchantments": {"vulnersScore": 9.4}}

{"result": {"cve": [{"id": "CVE-2007-3744", "type": "cve", "title": "CVE-2007-3744", "description": "Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.", "published": "2007-08-03T06:17:00", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3744", "cvelist": ["CVE-2007-3744"], "lastseen": "2017-07-29T11:22:08"}], "osvdb": [{"id": "OSVDB:36967", "type": "osvdb", "title": "Mac OS X mDNSResponder UPnP IGD Crafted Packet Remote Overflow", "description": "## Vulnerability Description\nA buffer overflow exists in Mac OS X. The mDNS Responder fails to validate UPnP IGD packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.\n## Short Description\nMac OS X 10.4 - 10.4.10 mDNSResponder UPnP IGD Crafted Packet Remote Overflow\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=306172)\nSecurity Tracker: 1018488\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Related OSVDB ID: 36965](https://vulners.com/osvdb/OSVDB:36965)\n[Related OSVDB ID: 36971](https://vulners.com/osvdb/OSVDB:36971)\n[Related OSVDB ID: 36973](https://vulners.com/osvdb/OSVDB:36973)\n[Related OSVDB ID: 36974](https://vulners.com/osvdb/OSVDB:36974)\n[Related OSVDB ID: 36963](https://vulners.com/osvdb/OSVDB:36963)\n[Related OSVDB ID: 36964](https://vulners.com/osvdb/OSVDB:36964)\n[Related OSVDB ID: 36966](https://vulners.com/osvdb/OSVDB:36966)\n[Related OSVDB ID: 36968](https://vulners.com/osvdb/OSVDB:36968)\n[Related OSVDB ID: 36972](https://vulners.com/osvdb/OSVDB:36972)\n[Related OSVDB ID: 36969](https://vulners.com/osvdb/OSVDB:36969)\n[Related OSVDB ID: 36970](https://vulners.com/osvdb/OSVDB:36970)\n[Related OSVDB ID: 36975](https://vulners.com/osvdb/OSVDB:36975)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573\nMail List Post: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\nISS X-Force ID: 35733\nFrSIRT Advisory: ADV-2007-2732\n[CVE-2007-3744](https://vulners.com/cve/CVE-2007-3744)\nBugtraq ID: 25159\n", "published": "2007-07-31T17:53:25", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:36967", "cvelist": ["CVE-2007-3744"], "lastseen": "2017-04-28T13:20:33"}], "openvas": [{"id": "OPENVAS:70806", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-05.", "published": "2012-02-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70806", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2017-07-24T12:50:31"}], "nessus": [{"id": "GENTOO_GLSA-201201-05.NASL", "type": "nessus", "title": "GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201201-05 (mDNSResponder: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "published": "2012-01-23T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57631", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2016-11-12T05:25:00"}, {"id": "MACOSX_SECUPD2007-007.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-007)", "description": "The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. \n\nThis update contains several security fixes for the following programs :\n\n - bzip2\n - CFNetwork\n - CoreAudio\n - cscope\n - gnuzip\n - iChat\n - Kerberos\n - mDNSResponder\n - PDFKit\n - PHP\n - Quartz Composer\n - Samba\n - SquirrelMail\n - Tomcat\n - WebCore\n - WebKit", "published": "2007-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25830", "cvelist": ["CVE-2007-2407", "CVE-2007-3944", "CVE-2007-3747", "CVE-2007-0478", "CVE-2007-2409", "CVE-2007-1717", "CVE-2007-2442", "CVE-2005-2090", "CVE-2006-4019", "CVE-2007-2798", "CVE-2007-1860", "CVE-2006-2842", "CVE-2004-2541", "CVE-2007-3742", "CVE-2007-1287", "CVE-2007-2446", "CVE-2007-3748", "CVE-2007-3744", "CVE-2007-1521", "CVE-2007-1001", "CVE-2007-2404", "CVE-2005-3128", "CVE-2006-6142", "CVE-2007-2403", "CVE-2006-3174", "CVE-2007-1484", "CVE-2007-2405", "CVE-2007-2447", "CVE-2007-1262", "CVE-2007-3745", "CVE-2007-0450", "CVE-2007-2410", "CVE-2007-1358", "CVE-2007-2408", "CVE-2007-2443", "CVE-2007-1583", "CVE-2007-3746", "CVE-2005-0758", "CVE-2007-1460", "CVE-2007-1711", "CVE-2007-2589", "CVE-2007-2406", "CVE-2004-0996", "CVE-2007-1461"], "lastseen": "2016-11-29T05:32:31"}], "gentoo": [{"id": "GLSA-201201-05", "type": "gentoo", "title": "mDNSResponder: Multiple vulnerabilities", "description": "### Background\n\nmDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking. \n\n### Description\n\nMultiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mDNSResponder users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mDNSResponder-212.1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 21, 2009. It is likely that your system is already no longer affected by this issue.", "published": "2012-01-22T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201201-05", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "lastseen": "2016-09-06T19:46:52"}]}}