Description
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.
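The signed-check-then-unsigned-use pattern the description names, shown as an added example; this is not Apple's code. The two-byte length header, `BUF_CAP`, and all function names are hypothetical, and the crafted message is constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64 /* hypothetical fixed buffer capacity */
/* Read a big-endian signed 16-bit length from a constructed 2-byte header. */
int msg_len_field(const uint8_t *msg)
{
    return (int16_t)(uint16_t)((msg[0] << 8) | msg[1]);
}

/* Flawed: signed bound only, so a negative len passes the comparison. */
bool flawed_check(int len, size_t *copy_size)
{
    if (len > BUF_CAP)
        return false;
    *copy_size = (size_t)len; /* -1 becomes SIZE_MAX when used as a size */
    return true;
}

/* Hardened: reject negatives before any unsigned use. */
bool hardened_check(int len, size_t *copy_size)
{
    if (len < 0 || (size_t)len > BUF_CAP)
        return false;
    *copy_size = (size_t)len;
    return true;
}

/* Copy the payload only when the hardened check accepts the length. */
bool store_payload(const uint8_t *msg, size_t msg_size, uint8_t dst[BUF_CAP])
{
    size_t n;
    if (msg_size < 2 || !hardened_check(msg_len_field(msg), &n))
        return false;
    if (n > msg_size - 2) /* length must also fit the received bytes */
        return false;
    memcpy(dst, msg + 2, n);
    return true;
}

int main(void)
{
    const uint8_t crafted[] = { 0xFF, 0xFF, 'A' }; /* constructed: length -1 */
    size_t n = 0;
    printf("flawed accepts=%d size=%zu\n", flawed_check(msg_len_field(crafted), &n), n);
    return 0;
}
```

The flawed check is never followed by a copy here; it only reports the size a later unsigned consumer would see.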
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Apple / mac_os_x 10.4.0 – 10.4.10
References
- MISC: http://securitytracker.com/id?1018950
- MISC: http://www.securityfocus.com/bid/26444
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/38476
- MISC: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628
- MAILING_LIST: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
- VENDOR_ADVISORY: http://docs.info.apple.com/article.html?artnum=307041
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2007/3868
- VENDOR_ADVISORY: http://secunia.com/advisories/27643
- MISC: http://www.us-cert.gov/cas/techalerts/TA07-319A.html