CERTA-2007-AVI-124
Vulnerability from certfr_avis - Published: 2007-03-14 - Updated: 2007-03-14
Several vulnerabilities affect MacOS X. The most serious allow a malicious person to execute arbitrary code remotely.
Description
Several MacOS X components are subject to vulnerabilities, the most serious of which allow a remote attacker to execute arbitrary code.
The affected components are: ColorSync (CVE-2007-0719), CoreGraphics, Crash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images (CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062, CVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins (CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300, CVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO (CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129, CVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226, CVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH (CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051, CVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager (CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server (CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959), WebLog (CVE-2006-4829).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MacOS X 10.3.9 et MacOS X Server 10.3.9 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X 10.4 et MacOS X Server 10.4.",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs composants de MacOS X sont sujets \u00e0 des vuln\u00e9rabilit\u00e9s, les\nplus graves permettant \u00e0 un attaquant distant d\u0027ex\u00e9cuter du code\narbitraire. \n\nLes composants impact\u00e9s sont : ColorSync (CVE-2007-0719), CoreGraphics,\nCrash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images\n(CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062,\nCVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins\n(CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300,\nCVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO\n(CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129,\nCVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517,\nCVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226,\nCVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH\n(CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051,\nCVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager\n(CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server\n(CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959),\nWebLog (CVE-2006-4829).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-3469",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3469"
},
{
"name": "CVE-2006-6061",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6061"
},
{
"name": "CVE-2006-2753",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2753"
},
{
"name": "CVE-2007-0722",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0722"
},
{
"name": "CVE-2007-0229",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0229"
},
{
"name": "CVE-2006-6173",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6173"
},
{
"name": "CVE-2007-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0733"
},
{
"name": "CVE-2006-5836",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5836"
},
{
"name": "CVE-2007-0720",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0720"
},
{
"name": "CVE-2006-5052",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5052"
},
{
"name": "CVE-2006-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3081"
},
{
"name": "CVE-2007-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0318"
},
{
"name": "CVE-2007-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0236"
},
{
"name": "CVE-2006-4829",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4829"
},
{
"name": "CVE-2006-1517",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1517"
},
{
"name": "CVE-2006-4924",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4924"
},
{
"name": "CVE-2005-2959",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2959"
},
{
"name": "CVE-2007-0728",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0728"
},
{
"name": "CVE-2006-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6129"
},
{
"name": "CVE-2007-0267",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0267"
},
{
"name": "CVE-2007-0731",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0731"
},
{
"name": "CVE-2007-0726",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0726"
},
{
"name": "CVE-2006-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4226"
},
{
"name": "CVE-2007-0299",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0299"
},
{
"name": "CVE-2007-0724",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0724"
},
{
"name": "CVE-2007-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1071"
},
{
"name": "CVE-2006-4031",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4031"
},
{
"name": "CVE-2007-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0588"
},
{
"name": "CVE-2006-1516",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1516"
},
{
"name": "CVE-2006-5679",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5679"
},
{
"name": "CVE-2007-0721",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0721"
},
{
"name": "CVE-2006-6130",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6130"
},
{
"name": "CVE-2006-5330",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5330"
},
{
"name": "CVE-2007-0730",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0730"
},
{
"name": "CVE-2006-0300",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0300"
},
{
"name": "CVE-2007-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0719"
},
{
"name": "CVE-2006-6062",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6062"
},
{
"name": "CVE-2006-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
},
{
"name": "CVE-2006-5051",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"name": "CVE-2007-0467",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0467"
},
{
"name": "CVE-2007-0463",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0463"
},
{
"name": "CVE-2006-6097",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6097"
},
{
"name": "CVE-2007-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0723"
}
],
"initial_release_date": "2007-03-14T00:00:00",
"last_revision_date": "2007-03-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 12 mars 2007 :",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
}
],
"reference": "CERTA-2007-AVI-124",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent MacOS X. Les plus graves permettent \u00e0\nune personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans MacOS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 2007-003 de MacOS X",
"url": null
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.