Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4702

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-4702
Last Modified 07 Mar 2011 09:59:02
Published 15 Nov 2007 03:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4702

Summary

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.5

  • Apple Mac Os X Server 10.5


References

APPLE - APPLE-SA-2007-11-15

XF - macosx-appfw-connect-bypass(38506)

VUPEN - ADV-2007-3897

BID - 26461

SECTRACK - 1018958

SECUNIA - 27695

CONFIRM - http://docs.info.apple.com/article.html?artnum=307004

Related Patches

Apple 2007-11-15 Mac OS X 10.5.1 Update

Apple 2007-11-15 Mac OS X Server 10.5.1 Update


Last Updated: 27 May 2016 10:45:57