CVE-2007-3749: Improper Initialization in Apple Mac OS X

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 64.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 15
Latest update: May 1

Description

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: apple/mac_os_x, versions 10.4.0 to 10.4.10

🔴 Vulnerability Details (1)

GHSA: GHSA-57wq-ccpj-f5j9: The kernel in Apple Mac OS X 10 (2022-05-01)

📐 Framework References (1)

CWE: Improper Initialization