CVE-2007-4702

{"id": "CVE-2007-4702", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-11-15T20:46:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=307004", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27695", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1018958", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26461", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3897", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506", "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=307004", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27695", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1018958", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/26461", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/3897", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions."}, {"lang": "es", "value": "El Cortafuegos de Aplicaci\u00f3n de Apple Mac OS X 10.5, cuando la opci\u00f3n \"Bloquear todas las conexiones entrantes\" se encuentra habilitada, no impide que procesos de root o mDNSResponder acepten conexiones, lo cual podr\u00eda permitir a atacantes remotos o procesos locales de root evitar las restricciones de seguridad establecidas."}], "lastModified": "2024-11-21T00:36:15.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}