Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4703

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-4703
Last Modified 07 Mar 2011 12:00:00
Published 15 Nov 2007 03:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4703

Summary

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.5

  • Apple Mac Os X Server 10.5


References

APPLE - APPLE-SA-2007-11-15

CONFIRM - http://docs.info.apple.com/article.html?artnum=307004

XF - macosx-appfw-rootuid-bypass(38479)

VUPEN - ADV-2007-3897

BID - 26460

SECTRACK - 1018958

SECUNIA - 27695

Related Patches

Apple 2007-11-15 Mac OS X 10.5.1 Update

Apple 2007-11-15 Mac OS X Server 10.5.1 Update


Last Updated: 27 May 2016 10:45:57