CVE-2007-0229 - CVE Reference - Advisories

CVE Reference: CVE-2007-0229

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0229

Description: Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/31409 ST 1017751 SAID Secunia Advisory: SA23703 Secunia Advisory: SA24479 OSVDB 32684 MLIST http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html MISC http://projects.info-pull.com/moab/MOAB-10-01-2007.html http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html CONFIRM http://docs.info.apple.com/article.html?artnum=305214 CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html BID 21993 APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Red Hat update for kernel

3.	Linux Kernel LDT Buffer Size Handling Vulnerability

4.	Drupal Session Fixation Vulnerability

5.	IPCop update for perl

6.	Debian update for clamav

7.	Ubuntu update for php

8.	Debian update for xulrunner

9.	Apple Safari Cross-Domain Cookie Injection Vulnerability

10.	dnsmasq Denial of Service and DNS Cache Poisoning