CVE-2007-0229 - Vulnerability Details - OpenCVE

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.8:::::::*
	cpe:2.3:o:freebsd:freebsd:6.1:::::::*

No data.

References

Link	Providers
http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html
http://projects.info-pull.com/moab/MOAB-10-01-2007.html
http://secunia.com/advisories/23703
http://secunia.com/advisories/24479
http://www.osvdb.org/32684
http://www.securityfocus.com/bid/21993
http://www.securitytracker.com/id?1017751
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vupen.com/english/advisories/2007/0141
http://www.vupen.com/english/advisories/2007/0930
https://exchange.xforce.ibmcloud.com/vulnerabilities/31409

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-13T02:00:00

Updated: 2024-08-07T12:12:17.994Z

Reserved: 2007-01-12T00:00:00

Link: CVE-2007-0229

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-13T02:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0229

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"}, {"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "32684", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32684"}, {"name": "[freebsd-security] 20070114 MOAB advisories", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"name": "ADV-2007-0141", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0141"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017751", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017751"}, {"name": "21993", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21993"}, {"name": "macos-ffsmountfs-bo(31409)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"}, {"name": "23703", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23703"}, {"tags": ["x_refsource_MISC"], "url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0229", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html", "refsource": "MISC", "url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"}, {"name": "TA07-072A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "32684", "refsource": "OSVDB", "url": "http://www.osvdb.org/32684"}, {"name": "[freebsd-security] 20070114 MOAB advisories", "refsource": "MLIST", "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"name": "ADV-2007-0141", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0141"}, {"name": "APPLE-SA-2007-03-13", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=305214", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017751", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017751"}, {"name": "21993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21993"}, {"name": "macos-ffsmountfs-bo(31409)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"}, {"name": "23703", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23703"}, {"name": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html", "refsource": "MISC", "url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"}, {"name": "ADV-2007-0930", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24479"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.994Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"}, {"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "32684", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32684"}, {"name": "[freebsd-security] 20070114 MOAB advisories", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"name": "ADV-2007-0141", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0141"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017751", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017751"}, {"name": "21993", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21993"}, {"name": "macos-ffsmountfs-bo(31409)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"}, {"name": "23703", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23703"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24479"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0229", "datePublished": "2007-01-13T02:00:00", "dateReserved": "2007-01-12T00:00:00", "dateUpdated": "2024-08-07T12:12:17.994Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "504D78AB-5374-48C9-B357-DB6BD2267D2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4416CBA-76B9-4051-B015-F1BE89517309", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n ffs_mountfs en Mac OS X versi\u00f3n 10.4.8 y FreeBSD versi\u00f3n 6.1, permite a los usuarios locales causar una denegaci\u00f3n de servicio (p\u00e1nico) y posiblemente conseguir privilegios por medio de una imagen DMG dise\u00f1ada que causa la \"allocation of a negative size buffer\" conllevando a un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, un problema relacionado con CVE-2006-5679. NOTA: un tercero declara que este problema no cruza los l\u00edmites de privilegios en FreeBSD porque solo el root puede montar un sistema de archivos."}], "id": "CVE-2007-0229", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-13T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"}, {"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23703"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24479"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32684"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21993"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017751"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0141"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21993"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}