CVE-2007-4268

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:35

Type Values Removed Values Added
References () http://docs.info.apple.com/article.html?artnum=307041 - Broken Link () http://docs.info.apple.com/article.html?artnum=307041 - Broken Link
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628 - Broken Link () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628 - Broken Link
References () http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html - Mailing List, Vendor Advisory () http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html - Mailing List, Vendor Advisory
References () http://secunia.com/advisories/27643 - Broken Link () http://secunia.com/advisories/27643 - Broken Link
References () http://securitytracker.com/id?1018950 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1018950 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/26444 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/26444 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA07-319A.html - Broken Link, Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-319A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2007/3868 - Broken Link () http://www.vupen.com/english/advisories/2007/3868 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38476 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/38476 - Third Party Advisory, VDB Entry

02 Feb 2024, 02:35

Type Values Removed Values Added
CWE CWE-189 CWE-681
CVSS v2 : 7.2
v3 : unknown
v2 : 7.2
v3 : 7.8
References (APPLE) http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html - (APPLE) http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html - Mailing List, Vendor Advisory
References (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628 - (IDEFENSE) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628 - Broken Link
References (BID) http://www.securityfocus.com/bid/26444 - (BID) http://www.securityfocus.com/bid/26444 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://docs.info.apple.com/article.html?artnum=307041 - (CONFIRM) http://docs.info.apple.com/article.html?artnum=307041 - Broken Link
References (CERT) http://www.us-cert.gov/cas/techalerts/TA07-319A.html - US Government Resource (CERT) http://www.us-cert.gov/cas/techalerts/TA07-319A.html - Broken Link, Third Party Advisory, US Government Resource
References (VUPEN) http://www.vupen.com/english/advisories/2007/3868 - (VUPEN) http://www.vupen.com/english/advisories/2007/3868 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/38476 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/38476 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/27643 - (SECUNIA) http://secunia.com/advisories/27643 - Broken Link
References (SECTRACK) http://securitytracker.com/id?1018950 - (SECTRACK) http://securitytracker.com/id?1018950 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Information

Published : 2007-11-15 01:46

Updated : 2024-11-21 00:35


NVD link : CVE-2007-4268

Mitre link : CVE-2007-4268

CVE.ORG link : CVE-2007-4268


JSON object : View

Products Affected

apple

  • mac_os_x
CWE
CWE-681

Incorrect Conversion between Numeric Types