Vulnerability-Lookup

CVE-2007-4702 (GCVE-0-2007-4702)

Vulnerability from cvelistv5 – Published: 2007-11-15 20:00 – Updated: 2024-08-07 15:08

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/27695	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2007/3897	vdb-entryx_refsource_VUPEN
	http://docs.info.apple.com/article.html?artnum=307004	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/26461	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1018958	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:32.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27695",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27695"
          },
          {
            "name": "APPLE-SA-2007-11-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
          },
          {
            "name": "ADV-2007-3897",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3897"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307004"
          },
          {
            "name": "26461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26461"
          },
          {
            "name": "1018958",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018958"
          },
          {
            "name": "macosx-appfw-connect-bypass(38506)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27695",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27695"
        },
        {
          "name": "APPLE-SA-2007-11-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
        },
        {
          "name": "ADV-2007-3897",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3897"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307004"
        },
        {
          "name": "26461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26461"
        },
        {
          "name": "1018958",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018958"
        },
        {
          "name": "macosx-appfw-connect-bypass(38506)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4702",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27695",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27695"
            },
            {
              "name": "APPLE-SA-2007-11-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
            },
            {
              "name": "ADV-2007-3897",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3897"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307004",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307004"
            },
            {
              "name": "26461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26461"
            },
            {
              "name": "1018958",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018958"
            },
            {
              "name": "macosx-appfw-connect-bypass(38506)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4702",
    "datePublished": "2007-11-15T20:00:00",
    "dateReserved": "2007-09-05T00:00:00",
    "dateUpdated": "2024-08-07T15:08:32.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4702\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-15T20:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Application Firewall in Apple Mac OS X 10.5, when \\\"Block all incoming connections\\\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.\"},{\"lang\":\"es\",\"value\":\"El Cortafuegos de Aplicaci\u00f3n de Apple Mac OS X 10.5, cuando la opci\u00f3n \\\"Bloquear todas las conexiones entrantes\\\" se encuentra habilitada, no impide que procesos de root o mDNSResponder acepten conexiones, lo cual podr\u00eda permitir a atacantes remotos o procesos locales de root evitar las restricciones de seguridad establecidas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2442D35-7484-43D8-9077-3FDF63104816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E8648C-5469-4280-A581-D4A9A41B7213\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307004\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/27695\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018958\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26461\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3897\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38506\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/27695\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-9P3Q-PPJF-98HP

Vulnerability from github – Published: 2022-05-01 18:26 – Updated: 2022-05-01 18:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4702"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-15T20:46:00Z",
    "severity": "HIGH"
  },
  "details": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.",
  "id": "GHSA-9p3q-ppjf-98hp",
  "modified": "2022-05-01T18:26:27Z",
  "published": "2022-05-01T18:26:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4702"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307004"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27695"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018958"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26461"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-4702

Vulnerability from fkie_nvd - Published: 2007-11-15 20:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307004
cve@mitre.org	http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html	Patch
cve@mitre.org	http://secunia.com/advisories/27695	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018958
cve@mitre.org	http://www.securityfocus.com/bid/26461
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3897
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38506
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307004
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27695	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018958
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26461
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3897
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38506

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	10.5
	apple	mac_os_x_server	10.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions."
    },
    {
      "lang": "es",
      "value": "El Cortafuegos de Aplicaci\u00f3n de Apple Mac OS X 10.5, cuando la opci\u00f3n \"Bloquear todas las conexiones entrantes\" se encuentra habilitada, no impide que procesos de root o mDNSResponder acepten conexiones, lo cual podr\u00eda permitir a atacantes remotos o procesos locales de root evitar las restricciones de seguridad establecidas."
    }
  ],
  "id": "CVE-2007-4702",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-15T20:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307004"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27695"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018958"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3897"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-4702

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4702

Aliases

CVE-2007-4702

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4702",
    "description": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.",
    "id": "GSD-2007-4702"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4702"
      ],
      "details": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.",
      "id": "GSD-2007-4702",
      "modified": "2023-12-13T01:21:36.584874Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4702",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27695",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27695"
          },
          {
            "name": "APPLE-SA-2007-11-15",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
          },
          {
            "name": "ADV-2007-3897",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3897"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307004",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307004"
          },
          {
            "name": "26461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26461"
          },
          {
            "name": "1018958",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018958"
          },
          {
            "name": "macosx-appfw-connect-bypass(38506)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4702"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2007-11-15",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307004",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307004"
            },
            {
              "name": "26461",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26461"
            },
            {
              "name": "1018958",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018958"
            },
            {
              "name": "27695",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27695"
            },
            {
              "name": "ADV-2007-3897",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3897"
            },
            {
              "name": "macosx-appfw-connect-bypass(38506)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-11-15T20:46Z"
    }
  }
}

VAR-200711-0319

Vulnerability from variot - Updated: 2025-04-10 23:03

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. Apple Mac OS X 10.5's Application Firewall is prone to a misleading configuration weakness because of a flaw in the application's configuration dialog and documentation. This issue may lead to a false sense of security, potentially aiding in network-based attacks. Apple Mac OS X 10.5 is vulnerable to this issue.

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

NOTE: The update changes the name of the option and updates the documentation.

3) Changes to Application Firewall settings do not affect processes started by launchd until they are restarted. This may lead to exposure of certain services.

Mac OS X 10.5.1 Update: http://www.apple.com/support/downloads/macosx1051update.html

Mac OS X Server 10.5.1 Update http://www.apple.com/support/downloads/macosxserver1051update.html

PROVIDED AND/OR DISCOVERED BY: J\xfcrgen Schmidt

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307004

heise Security: http://www.heise-security.co.uk/articles/98120

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-4702",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-4702",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-4702",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-28064",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-4702",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-4702",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200711-240",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28064",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. Apple Mac OS X 10.5\u0027s Application Firewall is prone to a misleading configuration weakness because of a flaw in the application\u0027s configuration dialog and documentation. \nThis issue may lead to a false sense of security, potentially aiding in network-based attacks. \nApple Mac OS X 10.5 is vulnerable to this issue. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nNOTE: The update changes the name of the option and updates the\ndocumentation. \n\n3) Changes to Application Firewall settings do not affect processes\nstarted by launchd until they are restarted. This may lead to\nexposure of certain services. \n\nMac OS X 10.5.1 Update:\nhttp://www.apple.com/support/downloads/macosx1051update.html\n\nMac OS X Server 10.5.1 Update\nhttp://www.apple.com/support/downloads/macosxserver1051update.html\n\nPROVIDED AND/OR DISCOVERED BY:\nJ\\xfcrgen Schmidt\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307004\n\nheise Security:\nhttp://www.heise-security.co.uk/articles/98120\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "db": "BID",
        "id": "26461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "db": "PACKETSTORM",
        "id": "61016"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "26461",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4702",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "27695",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1018958",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3897",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "38506",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983",
        "trust": 0.8
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-11-15",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28064",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61016",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "db": "BID",
        "id": "26461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "db": "PACKETSTORM",
        "id": "61016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "id": "VAR-200711-0319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28064"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:03:34.033000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mac OS X v10.5.1 Update",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307004-en"
      },
      {
        "title": "Mac OS X v10.5.1 Update",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307004-jp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/26461"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1018958"
      },
      {
        "trust": 2.1,
        "url": "http://docs.info.apple.com/article.html?artnum=307004"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/nov/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27695"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/3897"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/38506"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3897"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/27695/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4702"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4702"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1051update.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1051update.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.heise-security.co.uk/articles/98120"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "db": "BID",
        "id": "26461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "db": "PACKETSTORM",
        "id": "61016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "db": "BID",
        "id": "26461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "db": "PACKETSTORM",
        "id": "61016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "date": "2007-11-15T00:00:00",
        "db": "BID",
        "id": "26461"
      },
      {
        "date": "2007-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "date": "2007-11-20T16:17:55",
        "db": "PACKETSTORM",
        "id": "61016"
      },
      {
        "date": "2007-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "date": "2007-11-15T20:46:00",
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28064"
      },
      {
        "date": "2007-11-15T23:14:00",
        "db": "BID",
        "id": "26461"
      },
      {
        "date": "2007-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      },
      {
        "date": "2007-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-4702"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X In bypassing application firewall restrictions in Windows",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000983"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "26461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-240"
      }
    ],
    "trust": 0.9
  }
}

CERTA-2007-AVI-500

Vulnerability from certfr_avis - Published: 2007-11-16 - Updated: 2007-11-16

None

Description

De multiples vulnérabilités ont été découvertes dans la mise en œuvre du Firewall de la version Tiger de Mac OS X. Ces vulnérabilités permettent à un utilisateur mal intentionné de contourner les mécanismes de filtrage via des paquets spécialement contruits.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X Server version 10.5.
	N/A	N/A	Mac OS X version 10.5 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4702 (GCVE-0-2007-4702)

GHSA-9P3Q-PPJF-98HP

FKIE_CVE-2007-4702

GSD-2007-4702

VAR-200711-0319

CERTA-2007-AVI-500

Description

Solution

Tags

Sightings

Nomenclature