CVE-2007-0710
Published 2007-02-16
Priority P4 · 14 · low · 2.1 (CVSS 2.0)
AV:L/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.26% (86.8th percentile)
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
No detection rules found.
Bugzilla
CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
bugzilla · 2007-06-29 · CVSS 5.0 [MEDIUM]
+++ This bug was initially created as a clone of Bug #246225 +++
Description of problem:
Wireshark was reported to crash due to a NULL pointer dereference when
attempting to dissect fuzzed MMS traffic.
Version-Release number of selected component (if applicable):
Wireshark 0.99.5
Additional info:
This is fixed in upstream revision 20837.
I was not able to reproduce this on an x86_64 architecture box.
Discussion:
Created attachment 158202
Capture file of MMS traffic that crashes Wireshark
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0710.html
http://rhn.redhat.com/errata/RHSA-2007-0709.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
---
Reporter change
Bugzilla
CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
bugzilla · 2007-06-29 · CVSS 5.0 [MEDIUM]
Description of problem:
Wireshark was reported to crash with evidence of stack corruption
when dissecting certain BOOTP/DHCP traffic.
Version-Release number of selected component (if applicable):
Wireshark 0.99.5
Additional info:
This is fixed in upstream revision 21947. I was not able to reproduce the
crash on an x86_64 machine either with or without stack protector turned on.
Will try on i386 later. Most likely this is just overflow by one word, so can
not lead to arbitrary code execution.
Discussion:
Created attachment 158196
Capture file of BOOTP traffic that crashes Wireshark
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0710.html
http://rhn.
Bugzilla
CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
bugzilla · 2007-06-26 · CVSS 5.0 [MEDIUM]
Description of problem:
Wireshark enters an infinite loop when dissecting certain SSL traffic.
Version-Release number of selected component (if applicable):
Wireshark 0.99.5
Additional info:
No reproducer is available. This is fixed in upstream revision 21665.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0710.html
http://rhn.redhat.com/errata/RHSA-2007-0709.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic
bugzilla · 2007-06-26 · CVSS 5.0 [MEDIUM]
Description of problem:
Wireshark crashes due to an assertion failure when dissecting certain
HTTP traffic.
Version-Release number of selected component (if applicable):
Wireshark 0.99.5
Steps to Reproduce:
1. Open the attached capture with the Wireshark GUI
2. Click on the last HTTP packet
Additional info:
This is fixed in upstream revision 21034.
Discussion:
Created attachment 157935
Capture file of HTTP traffic that crashes Wireshark
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0710.html
http://rhn.redhat.com/errata/RHSA-2007-0709.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
---
Reporter changed to [email protected] by request of Jay Turner.
http://docs.info.apple.com/article.html?artnum=305102
http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
http://secunia.com/advisories/24198
http://www.kb.cert.org/vuls/id/836024
http://www.osvdb.org/32713
http://www.securityfocus.com/bid/22304
http://www.securitytracker.com/id?1017661