ID CVE-2007-0229
Summary Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
apple APPLE-SA-2007-03-13
bid 21993
cert TA07-072A
confirm http://docs.info.apple.com/article.html?artnum=305214
misc
mlist [freebsd-security] 20070114 MOAB advisories
osvdb 32684
sectrack 1017751
secunia
  • 23703
  • 24479
vupen
  • ADV-2007-0141
  • ADV-2007-0930
xf macos-ffsmountfs-bo(31409)
Last major update 29-07-2017 - 01:30
Published 13-01-2007 - 02:28
Last modified 29-07-2017 - 01:30