VAR-200701-0075
Vulnerability from variot - Updated: 2023-12-18 11:21Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. Successful exploits may cause arbitrary code to run superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions. Apple Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well. A local unprivileged user can trigger this vulnerability by submitting malicious requests, resulting in execute arbitrary commands.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
The vulnerability is caused due to a boundary error within the SLP daemon ("slpd") when processing the "attr-list" field of a registration request. Other versions may also be affected.
SOLUTION: Grant only trusted users access to affected systems.
Disable the service.
PROVIDED AND/OR DISCOVERED BY: KF
ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-17-01-2007.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, and denial of service.
III. These and other updates are available via Software Update or via Apple Downloads.
IV. References
* US-CERT Vulnerability Notes for Apple Security Update 2008-001 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_001>
* About the security content of Mac OS X 10.5.2 and Security Update2008-001 -
<http://docs.info.apple.com/article.html?artnum=307430>
* About the Mac OS X 10.5.2 Update -
<http://docs.info.apple.com/article.html?artnum=307109>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple - Support - Downloads -
<http://www.apple.com/support/downloads/>
* X.org Foundataion Security Advisories -
<http://www.x.org/wiki/Development/Security>
* Samba Security Releases -
<http://www.samba.org/samba/history/security.html>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-043B.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-043B Feedback VU#774345" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.8"
},
{
"model": "minimal slp service agent",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
}
],
"sources": [
{
"db": "BID",
"id": "22101"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:minimal_slp_service_agent:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0355"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kevin Finisterre dotslash@snosoft.com LMH lmh@info-pull.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0355",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-23717",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0355",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-303",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-23717",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23717"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. \nSuccessful exploits may cause arbitrary code to run superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions. \nApple Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well. A local unprivileged user can trigger this vulnerability by submitting malicious requests, resulting in execute arbitrary commands. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nThe vulnerability is caused due to a boundary error within the SLP\ndaemon (\"slpd\") when processing the \"attr-list\" field of a\nregistration request. Other versions may also be affected. \n\nSOLUTION:\nGrant only trusted users access to affected systems. \n\nDisable the service. \n\nPROVIDED AND/OR DISCOVERED BY:\nKF\n\nORIGINAL ADVISORY:\nhttp://projects.info-pull.com/moab/MOAB-17-01-2007.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Attackers could exploit these vulnerabilities to execute\n arbitrary code, gain access to sensitive information, or cause a\n denial of service. \n\n\nI. Further\n details are available in the US-CERT Vulnerability Notes Database. These products include Samba\n and X11. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. Potential consequences\n include arbitrary code execution, sensitive information disclosure,\n and denial of service. \n\n\nIII. These and other updates are available via Software Update or\n via Apple Downloads. \n\n\nIV. References\n\n * US-CERT Vulnerability Notes for Apple Security Update 2008-001 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_security_update_2008_001\u003e\n\n * About the security content of Mac OS X 10.5.2 and Security Update2008-001 - \n \u003chttp://docs.info.apple.com/article.html?artnum=307430\u003e\n\n * About the Mac OS X 10.5.2 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=307109\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Apple - Support - Downloads -\n \u003chttp://www.apple.com/support/downloads/\u003e\n\n * X.org Foundataion Security Advisories -\n \u003chttp://www.x.org/wiki/Development/Security\u003e\n\n * Samba Security Releases -\n \u003chttp://www.samba.org/samba/history/security.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA08-043B.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA08-043B Feedback VU#774345\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2008 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n February 12, 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg\njMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp\n/1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO\nPPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet\nr7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9\nSAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug==\n=qwP5\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "BID",
"id": "22101"
},
{
"db": "VULHUB",
"id": "VHN-23717"
},
{
"db": "PACKETSTORM",
"id": "53764"
},
{
"db": "PACKETSTORM",
"id": "63540"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-23717",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23717"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22101",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2007-0355",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA08-043B",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "23796",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019359",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1017533",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "32693",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2007-0239",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "3151",
"trust": 1.7
},
{
"db": "XF",
"id": "31562",
"trust": 1.4
},
{
"db": "USCERT",
"id": "SA08-043B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303",
"trust": 0.7
},
{
"db": "CONFIRM",
"id": "HTTP://DOCS.INFO.APPLE.COM/ARTICLE.HTML?ARTNUM=307430",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-02-11",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "3151",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA08-043B",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-23717",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "53764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63540",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23717"
},
{
"db": "BID",
"id": "22101"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "PACKETSTORM",
"id": "53764"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"id": "VAR-200701-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23717"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:21:06.346000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update 2008-001",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307430-en"
},
{
"title": "Security Update 2008-001",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307430-ja"
},
{
"title": "TA08-043B",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-043b.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23717"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "NVD",
"id": "CVE-2007-0355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/22101"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-043b.html"
},
{
"trust": 2.5,
"url": "http://www.osvdb.org/32693"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1017533"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1019359"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/23796"
},
{
"trust": 2.1,
"url": "http://projects.info-pull.com/moab/moab-17-01-2007.html"
},
{
"trust": 2.0,
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/feb/msg00002.html"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0239"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/31562"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/3151"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0239"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31562"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0355"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-043b/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-043b/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0355"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-043b.html"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/3151"
},
{
"trust": 0.6,
"url": "http://milw0rm.com/exploits/3151"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23796/"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=307109\u003e"
},
{
"trust": 0.1,
"url": "http://www.samba.org/samba/history/security.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-043b.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.x.org/wiki/development/security\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=307430\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_security_update_2008_001\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23717"
},
{
"db": "BID",
"id": "22101"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "PACKETSTORM",
"id": "53764"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23717"
},
{
"db": "BID",
"id": "22101"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"db": "PACKETSTORM",
"id": "53764"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-19T00:00:00",
"db": "VULHUB",
"id": "VHN-23717"
},
{
"date": "2007-01-17T00:00:00",
"db": "BID",
"id": "22101"
},
{
"date": "2008-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"date": "2007-01-20T00:09:28",
"db": "PACKETSTORM",
"id": "53764"
},
{
"date": "2008-02-12T22:23:40",
"db": "PACKETSTORM",
"id": "63540"
},
{
"date": "2007-01-19T01:28:00",
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"date": "2007-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-23717"
},
{
"date": "2008-02-12T00:16:00",
"db": "BID",
"id": "22101"
},
{
"date": "2008-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001127"
},
{
"date": "2017-10-19T01:29:59.020000",
"db": "NVD",
"id": "CVE-2007-0355"
},
{
"date": "2007-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "22101"
},
{
"db": "PACKETSTORM",
"id": "53764"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X SLP Daemon Service Registration Local Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "22101"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-303"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.