ID MU Type canvas Reporter Immunity Canvas Modified 2007-08-03T10:17:00
Description
Name| mu
---|--- CVE| CVE-2007-3744 Exploit Pack| CANVAS Description| MacOS X 10.4 mDNSResponder UPNP Remote Root Exploit Notes| CVE Name: CVE-2007-3744
Notes: If the target port is not specified, it will be located automatically.
This exploit will attempt to bypass the built-in OS X firewall by sending packets
from port 5353. Hence, it currently only works from a LocalNode.
If you're testing on your own box, and you crash mDNS, by picking the wrong
version, you can find the new port via: netstat -an | grep udp4
It will likely be 49XXX or 5XXXX.
This exploit does not work FROM an OS X machine due to UDP packet size limits. Sorry!
VENDOR: Apple
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744
CVSS: 5.8
{"bulletinFamily": "exploit", "id": "MU", "title": "Immunity Canvas: MU", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cvelist": ["CVE-2007-3744"], "viewCount": 6, "published": "2007-08-03T10:17:00", "description": "**Name**| mu \n---|--- \n**CVE**| CVE-2007-3744 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| MacOS X 10.4 mDNSResponder UPNP Remote Root Exploit \n**Notes**| CVE Name: CVE-2007-3744 \nNotes: If the target port is not specified, it will be located automatically. \nThis exploit will attempt to bypass the built-in OS X firewall by sending packets \nfrom port 5353. Hence, it currently only works from a LocalNode. \n \nIf you're testing on your own box, and you crash mDNS, by picking the wrong \nversion, you can find the new port via: netstat -an | grep udp4 \n \nIt will likely be 49XXX or 5XXXX. \n \nThis exploit does not work FROM an OS X machine due to UDP packet size limits. Sorry! \n \nVENDOR: Apple \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744 \nCVSS: 5.8 \n\n", "references": [], "edition": 2, "reporter": "Immunity Canvas", "modified": "2007-08-03T10:17:00", "lastseen": "2019-05-29T17:19:27", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/mu", "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3744"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17719", "SECURITYVULNS:VULN:8018"]}, {"type": "osvdb", "idList": ["OSVDB:36967"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201201-05.NASL", "MACOSX_SECUPD2007-007.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:70806", "OPENVAS:136141256231070806"]}, {"type": "gentoo", "idList": ["GLSA-201201-05"]}, {"type": "seebug", "idList": ["SSV:2062"]}], "modified": "2019-05-29T17:19:27", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-05-29T17:19:27", "rev": 2}, "vulnersScore": 6.5}, "type": "canvas", "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:31:25", "description": "Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.", "edition": 4, "cvss3": {}, "published": "2007-08-03T10:17:00", "title": "CVE-2007-3744", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2007-3744"], "modified": "2017-07-29T01:32:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4.2", "cpe:/o:apple:mac_os_x:10.4.9", "cpe:/o:apple:mac_os_x:10.4", "cpe:/o:apple:mac_os_x_server:10.4.6", "cpe:/o:apple:mac_os_x_server:10.4.4", "cpe:/o:apple:mac_os_x_server:10.4.10", "cpe:/o:apple:mac_os_x_server:10.4.1", "cpe:/o:apple:mac_os_x_server:10.4.9", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x:10.4.10", "cpe:/o:apple:mac_os_x:10.4.2", "cpe:/o:apple:mac_os_x:10.4.6", "cpe:/o:apple:mac_os_x_server:10.4.3", "cpe:/o:apple:mac_os_x:10.4.7", "cpe:/o:apple:mac_os_x_server:10.4", "cpe:/o:apple:mac_os_x_server:10.4.7", "cpe:/o:apple:mac_os_x:10.4.5", "cpe:/o:apple:mac_os_x:10.4.4"], "id": "CVE-2007-3744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3744", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-3744"], "description": "## Vulnerability Description\nA buffer overflow exists in Mac OS X. The mDNS Responder fails to validate UPnP IGD packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.\n## Short Description\nMac OS X 10.4 - 10.4.10 mDNSResponder UPnP IGD Crafted Packet Remote Overflow\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=306172)\nSecurity Tracker: 1018488\n[Secunia Advisory ID:26235](https://secuniaresearch.flexerasoftware.com/advisories/26235/)\n[Related OSVDB ID: 36965](https://vulners.com/osvdb/OSVDB:36965)\n[Related OSVDB ID: 36971](https://vulners.com/osvdb/OSVDB:36971)\n[Related OSVDB ID: 36973](https://vulners.com/osvdb/OSVDB:36973)\n[Related OSVDB ID: 36974](https://vulners.com/osvdb/OSVDB:36974)\n[Related OSVDB ID: 36963](https://vulners.com/osvdb/OSVDB:36963)\n[Related OSVDB ID: 36964](https://vulners.com/osvdb/OSVDB:36964)\n[Related OSVDB ID: 36966](https://vulners.com/osvdb/OSVDB:36966)\n[Related OSVDB ID: 36968](https://vulners.com/osvdb/OSVDB:36968)\n[Related OSVDB ID: 36972](https://vulners.com/osvdb/OSVDB:36972)\n[Related OSVDB ID: 36969](https://vulners.com/osvdb/OSVDB:36969)\n[Related OSVDB ID: 36970](https://vulners.com/osvdb/OSVDB:36970)\n[Related OSVDB ID: 36975](https://vulners.com/osvdb/OSVDB:36975)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573\nMail List Post: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\nISS X-Force ID: 35733\nFrSIRT Advisory: ADV-2007-2732\n[CVE-2007-3744](https://vulners.com/cve/CVE-2007-3744)\nBugtraq ID: 25159\n", "edition": 1, "modified": "2007-07-31T17:53:25", "published": "2007-07-31T17:53:25", "href": "https://vulners.com/osvdb/OSVDB:36967", "id": "OSVDB:36967", "title": "Mac OS X mDNSResponder UPnP IGD Crafted Packet Remote Overflow", "type": "osvdb", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-3744"], "description": "Apple Mac OS X mDNSResponder HTTP Request Heap Overflow Vulnerability\r\n\r\niDefense Security Advisory 08.07.07\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nAug 07, 2007\r\n\r\nI. BACKGROUND\r\n\r\nmDNSResponder is part of the Bonjour suite of applications. Bonjour is\r\nused to provide automatic and transparent configuration of network\r\ndevices. It is similar to UPnP, in that the goal of both is to allow\r\nusers to simply plug devices into a network without worrying about\r\nconfiguration details. mDNSResponder runs by default on both Server and\r\nWorkstation. More information can be found on the vendor's website.\r\n\r\nhttp://developer.apple.com/opensource/internet/bonjour.html\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap overflow vulnerability in Apple Inc.'s\r\nmDNSResponder application may allow attackers to execute arbitrary code\r\nwith root privileges.\r\n\r\nThe vulnerability exists within the Legacy NAT Traversal code. Unlike\r\nthe core of the mDNSResponder service, this area of code does not rely\r\non Multicast UDP. It listens on a dynamically allocated Unicast UDP\r\nport.\r\n\r\nThe vulnerability occurs when parsing a malformed HTTP request. This\r\nresults in an exploitable heap overflow.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows an attacker to execute\r\narbitrary code with root privileges on a vulnerable host. No\r\nauthentication is needed to exploit this vulnerability.\r\n\r\nFailed attempts will result in the service crashing. Shortly after\r\ncrashing, it will be restarted.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in Mac OS X\r\nversion 10.4.10, Server and Workstation, with mDNSResponder version\r\n108.5. Previous versions may also be affected.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any workarounds for this issue.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple addressed this vulnerability within their Mac OS X 2007-007\r\nsecurity update. More information is available at the following URL.\r\n\r\nhttp://docs.info.apple.com/article.html?artnum=306172\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2007-3744 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n07/26/2007 Initial vendor notification\r\n07/26/2007 Initial vendor response\r\n08/07/2007 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Neil Kettle (mu-b) of\r\nwww.digit-labs.org.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2007 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "modified": "2007-08-08T00:00:00", "published": "2007-08-08T00:00:00", "id": "SECURITYVULNS:DOC:17719", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17719", "title": "iDefense Security Advisory 08.07.07: Apple Mac OS X mDNSResponder HTTP Request Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-3744"], "description": "Buffer overflow on malformed DNS request parsing.", "edition": 1, "modified": "2007-08-08T00:00:00", "published": "2007-08-08T00:00:00", "id": "SECURITYVULNS:VULN:8018", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8018", "title": "Apple Mac OS X Bonjour mDNSResponder buffer overflow", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:38:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-05.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070806", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070806", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201201_05.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70806\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2007-2386\", \"CVE-2007-3744\", \"CVE-2007-3828\", \"CVE-2008-0989\", \"CVE-2008-2326\", \"CVE-2008-3630\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:42 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in mDNSResponder, which\n could lead to execution of arbitrary code with root privileges.\");\n script_tag(name:\"solution\", value:\"All mDNSResponder users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/mDNSResponder-212.1'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since November 21, 2009. It is likely that your system is\n already no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-05\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=290822\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201201-05.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/mDNSResponder\", unaffected: make_list(\"ge 212.1\"), vulnerable: make_list(\"lt 212.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-05.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70806", "href": "http://plugins.openvas.org/nasl.php?oid=70806", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in mDNSResponder, which\n could lead to execution of arbitrary code with root privileges.\";\ntag_solution = \"All mDNSResponder users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/mDNSResponder-212.1'\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since November 21, 2009. It is likely that your system is\n already no longer affected by this issue.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=290822\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201201-05.\";\n\n \n \nif(description)\n{\n script_id(70806);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2007-2386\", \"CVE-2007-3744\", \"CVE-2007-3828\", \"CVE-2008-0989\", \"CVE-2008-2326\", \"CVE-2008-3630\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:42 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/mDNSResponder\", unaffected: make_list(\"ge 212.1\"), vulnerable: make_list(\"lt 212.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "description": "### Background\n\nmDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking. \n\n### Description\n\nMultiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mDNSResponder users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mDNSResponder-212.1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 21, 2009. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2012-01-22T00:00:00", "published": "2012-01-22T00:00:00", "id": "GLSA-201201-05", "href": "https://security.gentoo.org/glsa/201201-05", "type": "gentoo", "title": "mDNSResponder: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:53:11", "description": "The remote host is affected by the vulnerability described in GLSA-201201-05\n(mDNSResponder: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in mDNSResponder. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A local or remote attacker may be able to execute arbitrary code with\n root privileges or cause a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-01-23T00:00:00", "title": "GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0989", "CVE-2008-3630", "CVE-2007-3744", "CVE-2007-2386", "CVE-2008-2326", "CVE-2007-3828"], "modified": "2012-01-23T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mDNSResponder"], "id": "GENTOO_GLSA-201201-05.NASL", "href": "https://www.tenable.com/plugins/nessus/57631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201201-05.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57631);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2386\", \"CVE-2007-3744\", \"CVE-2007-3828\", \"CVE-2008-0989\", \"CVE-2008-2326\", \"CVE-2008-3630\");\n script_bugtraq_id(24159, 24924, 25159, 28339, 31091, 31093);\n script_xref(name:\"GLSA\", value:\"201201-05\");\n\n script_name(english:\"GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201201-05\n(mDNSResponder: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in mDNSResponder. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A local or remote attacker may be able to execute arbitrary code with\n root privileges or cause a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201201-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All mDNSResponder users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/mDNSResponder-212.1'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since November 21, 2009. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X mDNSResponder UPnP Location Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119, 134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mDNSResponder\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/mDNSResponder\", unaffected:make_list(\"ge 212.1\"), vulnerable:make_list(\"lt 212.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mDNSResponder\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:42:31", "description": "The remote host is running a version of Mac OS X 10.4 or 10.3 which\ndoes not have the security update 2007-007 applied. \n\nThis update contains several security fixes for the following programs :\n\n - bzip2\n - CFNetwork\n - CoreAudio\n - cscope\n - gnuzip\n - iChat\n - Kerberos\n - mDNSResponder\n - PDFKit\n - PHP\n - Quartz Composer\n - Samba\n - SquirrelMail\n - Tomcat\n - WebCore\n - WebKit", "edition": 26, "published": "2007-08-02T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2407", "CVE-2007-3944", "CVE-2007-3747", "CVE-2007-0478", "CVE-2007-2409", "CVE-2007-1717", "CVE-2007-2442", "CVE-2005-2090", "CVE-2006-4019", "CVE-2007-2798", "CVE-2007-1860", "CVE-2006-2842", "CVE-2004-2541", "CVE-2007-3742", "CVE-2007-1287", "CVE-2007-2446", "CVE-2007-3748", "CVE-2007-3744", "CVE-2007-1521", "CVE-2007-1001", "CVE-2007-2404", "CVE-2005-3128", "CVE-2006-6142", "CVE-2007-2403", "CVE-2006-3174", "CVE-2007-1484", "CVE-2007-2405", "CVE-2007-2447", "CVE-2007-1262", "CVE-2007-3745", "CVE-2007-0450", "CVE-2007-2410", "CVE-2007-1358", "CVE-2007-2408", "CVE-2007-2443", "CVE-2007-1583", "CVE-2007-3746", "CVE-2005-0758", "CVE-2007-1460", "CVE-2007-1711", "CVE-2007-2589", "CVE-2007-2406", "CVE-2004-0996", "CVE-2007-1461"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-007.NASL", "href": "https://www.tenable.com/plugins/nessus/25830", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\nif ( NASL_LEVEL < 3000 ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(25830);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2004-0996\", \"CVE-2004-2541\", \"CVE-2005-0758\", \"CVE-2005-2090\", \"CVE-2005-3128\",\n \"CVE-2006-2842\", \"CVE-2006-3174\", \"CVE-2006-4019\", \"CVE-2006-6142\", \"CVE-2007-0450\",\n \"CVE-2007-0478\", \"CVE-2007-1001\", \"CVE-2007-1262\", \"CVE-2007-1287\", \"CVE-2007-1358\",\n \"CVE-2007-1460\", \"CVE-2007-1461\", \"CVE-2007-1484\", \"CVE-2007-1521\", \"CVE-2007-1583\",\n \"CVE-2007-1711\", \"CVE-2007-1717\", \"CVE-2007-1860\", \"CVE-2007-2403\", \"CVE-2007-2404\",\n \"CVE-2007-2405\", \"CVE-2007-2406\", \"CVE-2007-2407\", \"CVE-2007-2408\", \"CVE-2007-2409\",\n \"CVE-2007-2410\", \"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2446\", \"CVE-2007-2447\",\n \"CVE-2007-2589\", \"CVE-2007-2798\", \"CVE-2007-3742\", \"CVE-2007-3744\", \"CVE-2007-3745\",\n \"CVE-2007-3746\", \"CVE-2007-3747\", \"CVE-2007-3748\", \"CVE-2007-3944\");\n script_bugtraq_id(11697, 13582, 23910, 23972, 23973, 24195, 24196, 24197, 24198, 24653, 25159);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-007)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 or 10.3 which\ndoes not have the security update 2007-007 applied. \n\nThis update contains several security fixes for the following programs :\n\n - bzip2\n - CFNetwork\n - CoreAudio\n - cscope\n - gnuzip\n - iChat\n - Kerberos\n - mDNSResponder\n - PDFKit\n - PHP\n - Quartz Composer\n - Samba\n - SquirrelMail\n - Tomcat\n - WebCore\n - WebKit\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=306172\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install the security update 2007-007 :\n\nhttp://www.apple.com/support/downloads/securityupdate200700710410universal.html\nhttp://www.apple.com/support/downloads/securityupdate20070071039.html\nhttp://www.apple.com/support/downloads/securityupdate20070071039server.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba \"username map script\" Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 59, 79, 119, 352);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/08/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/11/09\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_summary(english:\"Check for the presence of the SecUpdate 2007-007\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-9]\\.|8\\.10\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-00[789]|200[89]-|20[1-9][0-9]-)\", string:packages)) \n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:59:56", "description": "CVE(CAN) ID: CVE-2004-0996,CVE-2004-2541,CVE-2005-0758,CVE-2005-3128,CVE-2006-2842,CVE-2006-3174,CVE-2006-4019,CVE-2006-6142,CVE-2007-0450,CVE-2007-0478,CVE-2007-1001,CVE-2007-1262,CVE-2007-1358,CVE-2007-1460,CVE-2007-1461,CVE-2007-1484,CVE-2007-1521,CVE-2007-1583,CVE-2007-1711,CVE-2007-1717,CVE-2007-1860,CVE-2007-2403,CVE-2007-2404,CVE-2007-2405,CVE-2007-2406,CVE-2007-2407,CVE-2007-2408,CVE-2007-2409,CVE-2007-2410,CVE-2007-2442,CVE-2007-2443,CVE-2007-2446,CVE-2007-2447,CVE-2007-2589,CVE-2007-2798,CVE-2007-3742,CVE-2007-3744,CVE-2007-3745,CVE-2007-3746,CVE-2007-3747,CVE-2007-3748,CVE-2007-3944\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u8ba1\u7b97\u673a\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple 2007-007\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86Mac OS X\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u6216\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u9020\u6210\u591a\u79cd\u5a01\u80c1\u3002\r\n\r\n\u5177\u4f53\u6761\u76ee\u5305\u62ec\uff1a\r\n\r\n* CVE-2005-0758\r\n\r\nbzgrep\u5728\u5904\u7406\u7578\u5f62\u6587\u4ef6\u540d\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237bzgrep\u6076\u610f\u6587\u4ef6\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-2403\r\n\r\nMac OS X\u5728\u5904\u7406FTP URI\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u6076\u610fFTP URI\u7684\u7528\u6237\u5728\u5f53\u524dFTP\u4f1a\u8bdd\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\r\n\r\n* CVE-2007-2404\r\n\r\nCFNetwork\u5904\u7406HTTP\u56de\u5e94\u6570\u636e\u65f6\u6613\u53d7\u6570\u636e\u5206\u5272\u653b\u51fb\u7684\u5f71\u54cd\uff0c\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u6267\u884c\u3002\r\n\r\n* CVE-2007-3745\r\n\r\nCoreAudio\u7684Java\u63a5\u53e3\u5141\u8bb8\u91ca\u653e\u4efb\u610f\u7684\u5185\u5b58\u5730\u5740\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-3746\r\n\r\nCoreAudio\u7684Java\u63a5\u53e3\u5b58\u5728\u5806\u5757\u8fb9\u754c\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-3747\r\n\r\nCoreAudio\u7684Java\u63a5\u53e3\u5141\u8bb8\u5728\u5806\u5757\u4ee5\u5916\u7684\u5185\u5b58\u521d\u59cb\u5316\u6216\u64cd\u4f5c\u5bf9\u8c61\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2004-0996,CVE-2004-2541\r\n\r\nCscope\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5305\u62ec\u7f13\u51b2\u533a\u6ea2\u51fa\u548c\u4e0d\u5b89\u5168\u7684\u65b9\u5f0f\u521b\u5efa\u4e34\u65f6\u6587\u4ef6\uff0c\u53ef\u80fd\u5bfc\u81f4\u8fdc\u7a0b\u653b\u51fb\u8005\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\n* CVE-2005-0758\r\n\r\nzgrep\u5728\u5904\u7406\u7578\u5f62\u6587\u4ef6\u540d\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237zgrep\u6076\u610f\u6587\u4ef6\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-3748\r\n\r\niChat\u4f7f\u7528\u7684UPnP IGD\u4ee3\u7801\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u7f51\u7edc\u4e0a\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-2442,CVE-2007-2443,CVE-2007-2798\r\n\r\nMIT Kerberos kadmind\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u8ba4\u3002\r\n\r\n* CVE-2007-3744\r\n\r\nmDNSResponder\u4f7f\u7528\u7684UPnP IGD\u4ee3\u7801\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u7f51\u7edc\u4e0a\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n* CVE-2007-2405\r\n\r\nPreview\u5904\u7406PDF\u6587\u4ef6\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u6076\u610fPDF\u6587\u4ef6\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-1001,CVE-2007-1287,CVE-2007-1460,CVE-2007-1461,CVE-2007-1484,CVE-2007-1521,CVE-2007-1583,CVE-2007-1711,CVE-2007-1717\r\n\r\nPHP\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u5404\u79cd\u653b\u51fb\u3002\r\n\r\n* CVE-2007-2406\r\n\r\nQuartz Composer\u5b9e\u73b0\u4e0a\u5b58\u5728\u672a\u521d\u59cb\u5316\u5bf9\u8c61\u6307\u9488\u5904\u7406\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u6076\u610f\u6587\u4ef6\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n* CVE-2007-2446\r\n\r\nSamba\u7684\u5b9e\u73b0\u5728\u5904\u7406\u7578\u5f62\u7684RPC\u8bf7\u6c42\u65f6\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\n* CVE-2007-2447\r\n\r\nSamba\u7684\u5b9e\u73b0\u5728\u5904\u7406\u7578\u5f62RPC\u8bf7\u6c42\u65f6\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\r\n\r\n* CVE-2007-2407\r\n\r\nSamba\u7684\u5b9e\u73b0\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406\u6743\u9650\u7684\u4e22\u5f03\uff0c\u5bfc\u81f4\u78c1\u76d8\u9650\u989d\u7ed5\u8fc7\u3002\r\n\r\n* CVE-2005-3128,CVE-2006-2842,CVE-2006-3174,CVE-2006-4019,CVE-2006-6142,CVE-2007-1262,CVE-2007-2589\r\n\r\nSquirrelMail\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u6267\u884c\u3002\r\n\r\n* CVE-2005-2090,CVE-2007-0450,CVE-2007-1358,CVE-2007-1860\r\n\r\nTomcat\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u8de8\u7ad9\u811a\u672c\u6267\u884c\u548c\u4fe1\u606f\u6cc4\u9732\u3002\r\n\r\n* CVE-2007-2408\r\n\r\nWebCore\u8f6f\u4ef6\u5305\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u4e0d\u671f\u671b\u7684Java applet\u6267\u884c\u3002\r\n\r\n* CVE-2007-0478\r\n\r\nWebCore\u8f6f\u4ef6\u5305\u5728\u5904\u7406HTML\u6807\u9898\u7684\u4ee3\u7801\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u7528\u6237\u63d2\u5165\u4ee3\u7801\u3002\r\n\r\n* CVE-2007-2409,CVE-2007-2410\r\n\r\nWebCore\u8f6f\u4ef6\u5305\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u6d4f\u89c8\u5668\u4fe1\u606f\u6cc4\u9732\u3002\r\n\r\n* CVE-2007-3742\r\n\r\nWebKit\u8f6f\u4ef6\u5305\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u57df\u540d\u6b3a\u9a97\u3002\r\n\r\n* CVE-2007-3944\r\n\r\nSafari\u7684JavaScript\u5f15\u64ce\u4f7f\u7528\u7684PCRE\u5e93\u5b9e\u73b0\u4e0a\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u6076\u610f\u7f51\u9875\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\n\nApple MacOS X\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://docs.info.apple.com/article.html?artnum=306172\" target=\"_blank\">http://docs.info.apple.com/article.html?artnum=306172</a>", "published": "2007-08-02T00:00:00", "title": "Mac OS X 2007-007\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0996", "CVE-2004-2541", "CVE-2005-0758", "CVE-2005-2090", "CVE-2005-3128", "CVE-2006-2842", "CVE-2006-3174", "CVE-2006-4019", "CVE-2006-6142", "CVE-2007-0450", "CVE-2007-0478", "CVE-2007-1001", "CVE-2007-1262", "CVE-2007-1287", "CVE-2007-1358", "CVE-2007-1460", "CVE-2007-1461", "CVE-2007-1484", "CVE-2007-1521", "CVE-2007-1583", "CVE-2007-1711", "CVE-2007-1717", "CVE-2007-1860", "CVE-2007-2403", "CVE-2007-2404", "CVE-2007-2405", "CVE-2007-2406", "CVE-2007-2407", "CVE-2007-2408", "CVE-2007-2409", "CVE-2007-2410", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2446", "CVE-2007-2447", "CVE-2007-2589", "CVE-2007-2798", "CVE-2007-3742", "CVE-2007-3744", "CVE-2007-3745", "CVE-2007-3746", "CVE-2007-3747", "CVE-2007-3748", "CVE-2007-3944"], "modified": "2007-08-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2062", "id": "SSV:2062", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}]}