CVE-2007-0318 - Vulnerability Details - OpenCVE

The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://projects.info-pull.com/moab/MOAB-13-01-2007.html
http://secunia.com/advisories/23742
http://secunia.com/advisories/24479
http://www.osvdb.org/32685
http://www.securitytracker.com/id?1017759
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vupen.com/english/advisories/2007/0171
http://www.vupen.com/english/advisories/2007/0930

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-18T00:00:00

Updated: 2024-08-07T12:12:18.001Z

Reserved: 2007-01-17T00:00:00

Link: CVE-2007-0318

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-18T00:28:00.000

Modified: 2024-11-21T00:25:34.053

Link: CVE-2007-0318

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-03-14T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23742", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23742"}, {"name": "ADV-2007-0171", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0171"}, {"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "32685", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32685"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017759", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017759"}, {"tags": ["x_refsource_MISC"], "url": "http://projects.info-pull.com/moab/MOAB-13-01-2007.html"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0318", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23742", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23742"}, {"name": "ADV-2007-0171", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0171"}, {"name": "TA07-072A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "32685", "refsource": "OSVDB", "url": "http://www.osvdb.org/32685"}, {"name": "APPLE-SA-2007-03-13", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=305214", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017759", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017759"}, {"name": "http://projects.info-pull.com/moab/MOAB-13-01-2007.html", "refsource": "MISC", "url": "http://projects.info-pull.com/moab/MOAB-13-01-2007.html"}, {"name": "ADV-2007-0930", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24479"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:18.001Z"}, "title": "CVE Program Container", "references": [{"name": "23742", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23742"}, {"name": "ADV-2007-0171", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0171"}, {"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "32685", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32685"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "1017759", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017759"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://projects.info-pull.com/moab/MOAB-13-01-2007.html"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24479"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0318", "datePublished": "2007-01-18T00:00:00", "dateReserved": "2007-01-17T00:00:00", "dateUpdated": "2024-08-07T12:12:18.001Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal."}, {"lang": "es", "value": "La funci\u00f3n do_hfs_truncate en el Mac OS X 10.4.8 permite a atacantes dependientes del entorno provocar una denegaci\u00f3n de servicio (kernel panic) mediante la manipulaci\u00f3n del sistema de archivos HFS+ en una imagen DMG, lo que provoca el acceso de una estructura vnode no v\u00e1lida durante la eliminaci\u00f3n de un fichero."}], "id": "CVE-2007-0318", "lastModified": "2024-11-21T00:25:34.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-18T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://projects.info-pull.com/moab/MOAB-13-01-2007.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23742"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24479"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32685"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017759"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0171"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://projects.info-pull.com/moab/MOAB-13-01-2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0930"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}