Search...

CVE-2007-4689

2007-11-15T01:46:00

ID CVE-2007-4689
Type cve
Reporter cve@mitre.org
Modified 2017-07-29T01:33:00

Description

Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-4689", "bulletinFamily": "NVD", "title": "CVE-2007-4689", "description": "Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.", "published": "2007-11-15T01:46:00", "modified": "2017-07-29T01:33:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4689", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/27643", "http://www.vupen.com/english/advisories/2007/3868", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38474", "http://www.securityfocus.com/bid/26444", "http://docs.info.apple.com/article.html?artnum=307041", "http://www.us-cert.gov/cas/techalerts/TA07-319A.html", "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html", "http://securitytracker.com/id?1018950"], "cvelist": ["CVE-2007-4689"], "type": "cve", "lastseen": "2019-05-29T18:09:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "ed2c62d14fb4aaa358bf0b53507d2702"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "39e79cebf4eabf780f2ecadc1f6005c9"}, {"key": "cpe23", "hash": "c46bc65f3bc6e95521d522344a0628ba"}, {"key": "cvelist", "hash": "6705c5b50e998b090067d7324643ef21"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "729f98bc4a65b3e0e24ddfee3d3c4450"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "1c0be0631b7bf4c3a8c83298e68c99eb"}, {"key": "description", "hash": "5b5eecadf65eac5c443d1fd9faad189d"}, {"key": "href", "hash": "6d765add36523e96e39942652e38522a"}, {"key": "modified", "hash": "655503c7ae2620a40902061b8dea8781"}, {"key": "published", "hash": "a16bd67646f09ac5a3f97be6838ee5fd"}, {"key": "references", "hash": "815825058ff3285c5a134b5121832258"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "df415bd7d0bfdaa4f73131fb75679e65"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "569d6ef238104aa6e42224441ae9f754f5f7ea44ee8e71ee46b88291c30fde60", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "seebug", "idList": ["SSV:2432"]}, {"type": "nessus", "idList": ["MACOSX_10_4_11.NASL"]}], "modified": "2019-05-29T18:09:01"}, "score": {"value": 8.8, "vector": "NONE", "modified": "2019-05-29T18:09:01"}, "vulnersScore": 8.8}, "objectVersion": "1.3", "cpe": ["cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/a:apple:mac_os_x:10.4.7", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/a:apple:mac_os_x:10.4.2", "cpe:/o:apple:mac_os_x:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4.2", "cpe:/o:apple:mac_os_x:10.4.9", "cpe:/a:apple:mac_os_x_server:10.4.2", "cpe:/a:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x_server:10.4.6", "cpe:/o:apple:mac_os_x_server:10.4.4", "cpe:/a:apple:mac_os_x:10.4.8", "cpe:/a:apple:mac_os_x_server:10.4.3", "cpe:/o:apple:mac_os_x_server:10.4.10", "cpe:/a:apple:mac_os_x:10.4.1", "cpe:/a:apple:mac_os_x:10.4.10", "cpe:/o:apple:mac_os_x_server:10.4.1", "cpe:/a:apple:mac_os_x_server:10.4.10", "cpe:/o:apple:mac_os_x_server:10.4.9", "cpe:/a:apple:mac_os_x:10.4.6", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x:10.4.10", "cpe:/o:apple:mac_os_x:10.4.2", "cpe:/a:apple:mac_os_x:10.4.4", "cpe:/a:apple:mac_os_x_server:10.4.7", "cpe:/o:apple:mac_os_x:10.4.6", "cpe:/a:apple:mac_os_x_server:10.4.9", "cpe:/o:apple:mac_os_x_server:10.4.3", "cpe:/a:apple:mac_os_x:10.4.5", "cpe:/a:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x:10.4.7", "cpe:/a:apple:mac_os_x:10.4.9", "cpe:/a:apple:mac_os_x_server:10.4.8", "cpe:/a:apple:mac_os_x_server:10.4.4", "cpe:/a:apple:mac_os_x_server:10.4.1", "cpe:/o:apple:mac_os_x_server:10.4.7", "cpe:/o:apple:mac_os_x:10.4.5", "cpe:/o:apple:mac_os_x:10.4.4", "cpe:/a:apple:mac_os_x_server:10.4.6"], "affectedSoftware": [{"name": "apple mac_os_x", "operator": "eq", "version": "10.4.10"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.6"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.10"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.3"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.2"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.6"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.9"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.5"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.7"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.4"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.9"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.7"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*"], "cwe": ["CWE-399"]}

{"seebug": [{"lastseen": "2017-11-19T21:54:52", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 26444\r\nCVE(CAN) ID: CVE-2007-4678,CVE-2007-4679,CVE-2007-4680,CVE-2007-4681,CVE-2007-4682,CVE-2007-3749,CVE-2007-4683,CVE-2007-4684,CVE-2007-4685,CVE-2007-4686,CVE-2007-4687,CVE-2007-4688,CVE-2007-4689,CVE-2007-4269,CVE-2007-4268,CVE-2007-4690,CVE-2007-4691,CVE-2007-4692,CVE-2007-4693,CVE-2007-4694,CVE-2007-4695,CVE-2007-4696,CVE-2007-4697,CVE-2007-4698,CVE-2007-4699,CVE-2007-4700,CVE-2007-4701\r\n\r\nApple Mac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X\u768410.4.11\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\n\r\nCVE-2007-4678\r\n\r\n\u5728\u52a0\u8f7d\u5265\u79bb\u7684\u78c1\u76d8\u955c\u50cf\u65f6AppleRAID\u4e2d\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\uff0c\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u3002\u5982\u679c\u542f\u7528\u4e86\u201c\u4e0b\u8f7d\u540e\u6253\u5f00\u5b89\u5168\u6587\u4ef6\u201d\u9009\u9879\u7684\u8bdd\uff0cSafari\u4f1a\u81ea\u52a8\u52a0\u8f7d\u78c1\u76d8\u955c\u50cf\u3002\r\n\r\nCVE-2007-4679\r\n\r\nCFNetwork\u7684FTP\u90e8\u5206\u5b9e\u73b0\u4e2d\u5b58\u5728\u6f0f\u6d1e\uff0c\u5982\u679c\u53d1\u9001\u4e86\u7279\u5236\u7684FTP PASV\u547d\u4ee4\u7684\u8bdd\uff0cFTP\u670d\u52a1\u5668\u5c31\u4f1a\u5bfc\u81f4\u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u5176\u4ed6\u4e3b\u673a\u3002\r\n\r\nCVE-2007-4680\r\n\r\n\u8bc1\u4e66\u9a8c\u8bc1\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u4e2d\u95f4\u4eba\u653b\u51fb\u53ef\u80fd\u5c06\u7528\u6237\u5b9a\u5411\u5230\u5177\u5907\u6709\u6548SSL\u8bc1\u4e66\u7684\u5408\u6cd5\u7ad9\u70b9\uff0c\u7136\u540e\u91cd\u65b0\u5b9a\u5411\u5230\u9519\u8bef\u7684\u663e\u793a\u4e3a\u53ef\u4fe1\u4efb\u7684\u6b3a\u9a97\u7ad9\u70b9\uff0c\u5bfc\u81f4\u6cc4\u6f0f\u51ed\u636e\u6216\u5176\u4ed6\u4fe1\u606f\u3002\r\n\r\nCVE-2007-4681\r\n\r\nCoreFoundation\u5728\u5217\u51fa\u76ee\u5f55\u5185\u5bb9\u65f6\u5b58\u5728\u5355\u5b57\u8282\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bfb\u53d6\u4e86\u6076\u610f\u7684\u76ee\u5f55\u7ed3\u6784\uff0c\u5c31\u4f1a\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2007-4682\r\n\r\n\u5904\u7406\u6587\u672c\u5185\u5bb9\u65f6\u5b58\u5728\u672a\u521d\u59cb\u5316\u5bf9\u8c61\u6307\u9488\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u67e5\u770b\u4e86\u6076\u610f\u7684\u6587\u672c\u5185\u5bb9\uff0c\u5c31\u4f1a\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2007-3749\r\n\r\n\u5728\u6267\u884c\u7279\u6743\u4e8c\u8fdb\u5236\u7a0b\u5e8f\u65f6\uff0c\u5185\u6838\u6ca1\u6709\u91cd\u7f6e\u5f53\u524d\u7684Mach\u7ebf\u7a0b\u7aef\u53e3\u6216\u7ebf\u7a0b\u5f02\u5e38\u7aef\u53e3\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u5c06\u4efb\u610f\u6570\u636e\u5199\u5165\u5230\u7cfb\u7edf\u8fdb\u7a0b\u7684\u5730\u5740\u7a7a\u95f4\uff0c\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2007-4683\r\n\r\nchroot\u673a\u5236\u5e94\u9650\u5236\u8bbe\u7f6e\u8fdb\u7a0b\u53ef\u8bbf\u95ee\u7684\u6587\u4ef6\uff0c\u4f46\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u76f8\u5bf9\u8def\u5f84\u66f4\u6539\u5de5\u4f5c\u76ee\u5f55\uff0c\u7ed5\u8fc7\u8fd9\u79cd\u9650\u5236\u3002\r\n\r\nCVE-2007-4684\r\n\r\ni386_set_ldt\u7cfb\u7edf\u8c03\u7528\u4e2d\u7684\u5355\u5b57\u8282\u6ea2\u51fa\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2007-4685\r\n\r\n\u5728\u6267\u884csetuid\u548csetgid\u7a0b\u5e8f\u65f6\u6807\u51c6\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684\u5904\u7406\u4e2d\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u6267\u884c\u5904\u4e8e\u975e\u9884\u671f\u72b6\u6001\u4e2d\u6709\u6807\u51c6\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684setuid\u7a0b\u5e8f\u83b7\u5f97\u7cfb\u7edf\u6743\u9650\u3002 \r\n\r\nCVE-2007-4686\r\n\r\nioctl\u8bf7\u6c42\u5904\u7406\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684ioctl\u8bf7\u6c42\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2007-4687\r\n\r\n\u9ed8\u8ba4\u4e0b/private/tftpboot/private\u76ee\u5f55\u5305\u542b\u6709\u5230\u6839\u76ee\u5f55\u7684\u7b26\u53f7\u94fe\u63a5\uff0c\u8fd9\u5141\u8bb8\u5ba2\u6237\u7aef\u8bbf\u95ee\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u8def\u5f84\u3002\r\n\r\nCVE-2007-4688\r\n\r\nNode Information Query\u673a\u5236\u5b9e\u73b0\u4e2d\u7684\u6f0f\u6d1e\u5141\u8bb8\u8fdc\u7a0b\u7528\u6237\u67e5\u8be2\u4e3b\u673a\u7684\u6240\u6709\u5730\u5740\uff0c\u5305\u62eclink-local\u5730\u5740\u3002\r\n\r\nCVE-2007-4689\r\n\r\n\u5904\u7406\u67d0\u4e9bIPV6\u62a5\u6587\u4e2d\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2007-4268\r\n\r\nAppleTalk\u5728\u5904\u7406\u5185\u5b58\u5206\u914d\u65f6\u5b58\u5728\u7b97\u6cd5\u9519\u8bef\uff0c\u53ef\u80fd\u89e6\u53d1\u5806\u6ea2\u51fa\u3002\u672c\u5730\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684AppleTalk\u6d88\u606f\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2007-4269\r\n\r\nAppleTalk\u5904\u7406ASP\u6d88\u606f\u65f6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5bf9AppleTalk\u5957\u63a5\u5b57\u53d1\u9001\u6076\u610f\u7684ASP\u6d88\u606f\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2007-4690\r\n\r\n\u5728\u5904\u7406AUTH_UNIX RPC\u8c03\u7528\u65f6\u53ef\u80fd\u5728NFS\u4e2d\u89e6\u53d1\u53cc\u91cd\u91ca\u653e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7TCP\u6216UDP\u53d1\u9001\u6076\u610f\u7684AUTH_UNIX RPC\u8c03\u7528\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2007-4691\r\n\r\n\u5728\u5224\u65adURL\u662f\u5426\u5f15\u7528\u4e86\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u65f6NSURL\u4e2d\u5b58\u5728\u533a\u5206\u5927\u5c0f\u5199\u6587\u4ef6\uff0cAPI\u7684\u8c03\u7528\u8005\u53ef\u80fd\u505a\u51fa\u9519\u8bef\u7684\u5b89\u5168\u51b3\u5b9a\uff0c\u5bfc\u81f4\u672a\u7ecf\u63d0\u4f9b\u5408\u9002\u7684\u5b89\u5168\u8b66\u544a\u4fbf\u6267\u884c\u672c\u5730\u7cfb\u7edf\u6216\u7f51\u7edc\u5377\u6807\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002 \r\n\r\nCVE-2007-4692\r\n\r\nSafari\u7684Tabbed\u6d4f\u89c8\u529f\u80fd\u5b9e\u73b0\u4e2d\u5b58\u5728\u6f0f\u6d1e\uff0c\u5982\u679c\u975e\u6d3b\u52a8\u6807\u7b7e\u6240\u52a0\u8f7d\u7ad9\u70b9\u4f7f\u7528\u4e86HTTP\u8ba4\u8bc1\u7684\u8bdd\uff0c\u5c3d\u7ba1\u6807\u7b7e\u53ca\u5176\u76f8\u5173\u9875\u9762\u662f\u4e0d\u53ef\u89c1\u7684\uff0c\u4f46\u4ecd\u53ef\u4ee5\u663e\u793a\u8ba4\u8bc1\u8868\u3002\u7528\u6237\u53ef\u80fd\u8ba4\u4e3a\u8ba4\u8bc1\u8868\u6765\u81ea\u5f53\u524d\u7684\u6d3b\u52a8\u9875\u9762\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6cc4\u6f0f\u7528\u6237\u51ed\u636e\u3002\r\n\r\nCVE-2007-4693\r\n\r\n\u5728\u4ece\u4f11\u7720\u6216\u5c4f\u4fdd\u72b6\u6001\u5524\u9192\u8ba1\u7b97\u673a\u65f6\uff0c\u7269\u7406\u8bbf\u95ee\u7684\u7528\u6237\u53ef\u4ee5\u5411\u5c4f\u4fdd\u8ba4\u8bc1\u5bf9\u8bdd\u540e\u8fd0\u884c\u7684\u8fdb\u7a0b\u53d1\u9001\u952e\u76d8\u52a8\u4f5c\u3002 \r\n\r\nCVE-2007-4694\r\n\r\nSafari\u5728\u52a0\u8f7d\u8d44\u6e90\u65f6\u6ca1\u6709\u963b\u65adfile:// URL\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7ad9\u70b9\u7684\u8bdd\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u67e5\u770b\u672c\u5730\u6587\u4ef6\u7684\u5185\u5bb9\u3002\r\n\r\nCVE-2007-4695\r\n\r\n\u5728\u5904\u7406HTML\u8868\u5355\u65f6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u4e0a\u4f20\u4e86\u6076\u610f\u6587\u4ef6\u7684\u8bdd\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u66f4\u6539\u8868\u5355\u5b57\u6bb5\u7684\u503c\uff0c\u5bfc\u81f4\u670d\u52a1\u5668\u5728\u5904\u7406\u8868\u5355\u65f6\u53ef\u80fd\u4f1a\u51fa\u73b0\u975e\u9884\u671f\u7684\u884c\u4e3a\u3002 \r\n\r\nCVE-2007-4696\r\n\r\nSafari\u5728\u5904\u7406\u9875\u9762\u8f6c\u6362\u65f6\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7f51\u9875\u7684\u8bdd\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u83b7\u5f97\u5176\u4ed6\u7ad9\u70b9\u4e0a\u8868\u5355\u6240\u8f93\u5165\u7684\u4fe1\u606f\u3002\r\n\r\nCVE-2007-4697\r\n\r\n\u5728\u5904\u7406\u6d4f\u89c8\u5668\u7684\u5386\u53f2\u8bb0\u5f55\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7f51\u9875\u7684\u8bdd\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2007-4698\r\n\r\nSafari\u5141\u8bb8\u5c06JavaScript\u4e8b\u4ef6\u5173\u8054\u5230\u9519\u8bef\u7684\u5e27\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7f51\u9875\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u5728\u5176\u4ed6\u7ad9\u70b9\u7684\u4e0a\u4e0b\u6587\u6267\u884cJavaScript\u3002\r\n\r\nCVE-2007-4699\r\n\r\n\u9ed8\u8ba4\u4e0b\u5f53Safari\u5411\u5bc6\u94a5\u94fe\u6dfb\u52a0\u79c1\u94a5\u65f6\u53ef\u80fd\u672a\u63d0\u4f9b\u8b66\u544a\u4fbf\u5141\u8bb8\u5e94\u7528\u7a0b\u5e8f\u8bbf\u95ee\u5bc6\u94a5\u3002 \r\n\r\nCVE-2007-4700\r\n\r\nSafari\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7ad9\u70b9\u5411\u4efb\u610fTCP\u7aef\u53e3\u53d1\u9001\u8fdc\u7a0b\u6307\u5b9a\u7684\u6570\u636e\u3002 \r\n\r\nCVE-2007-4701\r\n\r\nWebKit/Safari\u5728\u9884\u89c8PDF\u6587\u4ef6\u65f6\u4f1a\u521b\u5efa\u4e34\u65f6\u6587\u4ef6\uff0c\u8fd9\u5141\u8bb8\u672c\u5730\u7528\u6237\u8bbf\u95ee\u6587\u4ef6\u7684\u5185\u5bb9\u3002\r\n\n\nApple Mac OS X 10.4 - 10.4.10\r\nApple MacOS X Server 10.4 - 10.4.10\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg\" target=\"_blank\">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg</a>\r\n<a href=\"http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg\" target=\"_blank\">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg</a>", "modified": "2007-11-17T00:00:00", "published": "2007-11-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2432", "id": "SSV:2432", "type": "seebug", "title": "Apple Mac OS X v10.4.11\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:10:25", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.11 or a version of Mac OS X 10.3 which does not have Security Update 2007-008 applied. \n\nThis update contains several security fixes for the following programs :\n\n - Flash Player Plugin\n - AppleRAID\n - BIND\n - bzip2\n - CFFTP\n - CFNetwork\n - CoreFoundation\n - CoreText\n - Kerberos\n - Kernel\n - remote_cmds\n - Networking\n - NFS\n - NSURL\n - Safari\n - SecurityAgent\n - WebCore\n - WebKit", "modified": "2018-07-14T00:00:00", "id": "MACOSX_10_4_11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28212", "published": "2007-11-14T00:00:00", "title": "Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(28212);\n script_version (\"1.23\");\n if ( NASL_LEVEL >= 3000 )\n script_cve_id(\"CVE-2007-3456\", \"CVE-2007-4678\", \"CVE-2007-2926\", \"CVE-2005-0953\", \"CVE-2005-1260\", \n \"CVE-2007-4679\", \"CVE-2007-4680\", \"CVE-2007-0464\", \"CVE-2007-4681\", \"CVE-2007-4682\", \n \"CVE-2007-3999\", \"CVE-2007-4743\", \"CVE-2007-3749\", \"CVE-2007-4683\", \"CVE-2007-4684\", \n \"CVE-2007-4685\", \"CVE-2006-6127\", \"CVE-2007-4686\", \"CVE-2007-4687\", \"CVE-2007-4688\", \n \"CVE-2007-4269\", \"CVE-2007-4689\", \"CVE-2007-4267\", \"CVE-2007-4268\", \"CVE-2007-4690\", \n \"CVE-2007-4691\", \"CVE-2007-0646\", \"CVE-2007-4692\", \"CVE-2007-4693\", \"CVE-2007-4694\", \n \"CVE-2007-4695\", \"CVE-2007-4696\", \"CVE-2007-4697\", \"CVE-2007-4698\", \"CVE-2007-3758\", \n \"CVE-2007-3760\", \"CVE-2007-4671\", \"CVE-2007-3756\", \"CVE-2007-4699\", \"CVE-2007-4700\", \n \"CVE-2007-4701\");\n script_bugtraq_id(26444);\n script_xref(name:\"TRA\", value:\"TRA-2007-07\");\n\n script_name(english:\"Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 which is older\nthan version 10.4.11 or a version of Mac OS X 10.3 which does not have\nSecurity Update 2007-008 applied. \n\nThis update contains several security fixes for the following programs :\n\n - Flash Player Plugin\n - AppleRAID\n - BIND\n - bzip2\n - CFFTP\n - CFNetwork\n - CoreFoundation\n - CoreText\n - Kerberos\n - Kernel\n - remote_cmds\n - Networking\n - NFS\n - NSURL\n - Safari\n - SecurityAgent\n - WebCore\n - WebKit\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2007-07\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307041\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 : Upgrade to Mac OS X 10.4.11 :\n\nhttp://www.apple.com/support/downloads/macosx10411updateppc.html\nhttp://www.apple.com/support/downloads/macosx10411updateintel.html\n\nMac OS X 10.3 : Apply Security Update 2007-008 :\n\nhttp://www.apple.com/support/downloads/securityupdate20070081039client.html\nhttp://www.apple.com/support/downloads/securityupdate20070081039server.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/11/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/31\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/09/04\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"combined\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) {\n\tos = get_kb_item(\"Host/OS\");\n\tconfidence = get_kb_item(\"Host/OS/Confidence\");\n\tif ( confidence <= 90 ) exit(0);\n\t}\nif ( ! os ) exit(0);\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.([1-9]$|10))\", string:os)) security_hole(0);\nelse if ( ereg(pattern:\"Mac OS X 10\\.3\\.\", string:os) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?2007-008\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}