Apple Mac Os X Server vulnerabilities

CVE-2007-4703 [CRITICAL] CVE-2007-4703: The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incom The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.

CVE-2007-4687 [CRITICAL] CWE-16 CVE-2007-4687: The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the t The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.

CVE-2007-4686 [HIGH] CWE-189 CVE-2007-4686: Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.

CVE-2007-4685 [HIGH] CWE-264 CVE-2007-4685: The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

CVE-2007-4269 [HIGH] CWE-189 CVE-2007-4269: Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local use Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

CVE-2007-4693 [HIGH] CWE-287 CVE-2007-4693: The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access t The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."

CVE-2007-4678 [HIGH] CVE-2007-4678: AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of se AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

CVE-2007-4700 [HIGH] CWE-264 CVE-2007-4700: Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers t Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

CVE-2007-4695 [MEDIUM] CWE-20 CVE-2007-4695: Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allow Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

CVE-2007-4688 [MEDIUM] CWE-200 CVE-2007-4688: The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain al The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

CVE-2007-4694 [MEDIUM] CWE-264 CVE-2007-4694: Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via fi Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

CVE-2007-4696 [MEDIUM] CWE-362 CVE-2007-4696: Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain i Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

CVE-2007-4697 [MEDIUM] CVE-2007-4697: Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

CVE-2007-4701 [LOW] CWE-264 CVE-2007-4701: WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari i WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

CVE-2007-1661 [MEDIUM] CVE-2007-1661: Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certai Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

CVE-2007-2404 [MEDIUM] CVE-2007-2404: CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allow CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.

CVE-2007-3744 [MEDIUM] CWE-119 CVE-2007-3744: Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Prot Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.

CVE-2007-3798 [CRITICAL] CWE-252 CVE-2007-3798: Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote atta Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

CVE-2007-1863 [MEDIUM] CVE-2007-1863: cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a th cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

CVE-2007-2399 [CRITICAL] CVE-2007-2399: WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.