fkie_cve-2007-0724
Vulnerability from fkie_nvd
Published
2007-03-13 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
References
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=305214
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=305391
cve@mitre.orghttp://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlPatch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24479
cve@mitre.orghttp://secunia.com/advisories/24966
cve@mitre.orghttp://www.osvdb.org/34855
cve@mitre.orghttp://www.securityfocus.com/bid/22948
cve@mitre.orghttp://www.securitytracker.com/id?1017751
cve@mitre.orghttp://www.securitytracker.com/id?1017942
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA07-072A.htmlUS Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA07-109A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0930
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1470
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/32973
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=305214
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=305391
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24479
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24966
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/34855
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22948
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017751
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017942
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-109A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0930
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1470
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32973
Impacted products
Vendor Product Version
apple mac_os_x 10.3.9
apple mac_os_x 10.4
apple mac_os_x 10.4.1
apple mac_os_x 10.4.2
apple mac_os_x 10.4.3
apple mac_os_x 10.4.4
apple mac_os_x 10.4.5
apple mac_os_x 10.4.6
apple mac_os_x 10.4.7
apple mac_os_x 10.4.8
apple mac_os_x_server 10.4
apple mac_os_x_server 10.4.1
apple mac_os_x_server 10.4.2
apple mac_os_x_server 10.4.3
apple mac_os_x_server 10.4.4
apple mac_os_x_server 10.4.5
apple mac_os_x_server 10.4.6
apple mac_os_x_server 10.4.7
apple mac_os_x_server 10.4.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24D5FA5-95DD-4ECC-B99A-8CB33156A6D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29644501-54BD-45E9-A6C1-618892CD354F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A132487-E89F-4D0D-8366-14AFC904811F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD231103-D7C7-4697-BE90-D67558D6115C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCADAAA0-C885-466C-A122-A94E73EAF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "448DB1C7-7B0C-4076-9B9F-1CDCD5EB6930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE429EF-24D4-453A-8B43-8CCEF5D72773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC9692A-CE81-446D-B136-449662C4B9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "504D78AB-5374-48C9-B357-DB6BD2267D2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console."
    },
    {
      "lang": "es",
      "value": "El interfaz IOKit HID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.8 no limita lo suficiente el acceso a ciertos controles, lo cual permite a usuarios locales obtener privilegios utilizando eventos de dispositivo HID para leer pulsaciones de teclado desde la consola."
    }
  ],
  "id": "CVE-2007-0724",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-13T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=305391"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24966"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/34855"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22948"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017751"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017942"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1470"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=305391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/34855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32973"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.