
{
"id": "CVE-2007-4268",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-11-15T01:46:00.000",
"lastModified": "2024-11-21T00:35:11.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Un error de signo de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10 permite a usuarios locales ejecutar c\u00f3digo arbitrario por medio de un mensaje de AppleTalk dise\u00f1ado con un valor negativo, que satisface una comparaci\u00f3n con signo durante la asignaci\u00f3n de mbuf pero que luego es interpretado como un valor sin signo, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"baseScore": 7.2,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": true,
"obtainAllPrivilege": true,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-681"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndIncluding": "10.4.10",
"matchCriteriaId": "ED9822D0-73F1-4B57-ADB5-0EBA7F78C7F1"
}
]
}
]
}
],
"references": [
{
"url": "http://docs.info.apple.com/article.html?artnum=307041",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/27643",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://securitytracker.com/id?1018950",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/26444",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/3868",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38476",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://docs.info.apple.com/article.html?artnum=307041",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/27643",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "http://securitytracker.com/id?1018950",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/26444",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/3868",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38476",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
],
"evaluatorImpact": "\"By sending a maliciously crafted AppleTalk message, a local user may\ncause an unexpected system shutdown or arbitrary code execution with\nsystem privileges.\""
}