Vulnerabilities > CVE-2007-0613 - Unspecified vulnerability in Apple Ichat, Instant Message Framework and Mdnsresponder

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apple

nessus

exploit available

NVD

Published: 2007-01-31

Updated: 2008-09-05

Summary

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Instant Message Framework 428 Apple Ichat 3.1.6 Apple Mdnsresponder *	3

Exploit-Db

description	Apple iChat Bonjour 3.1.6.441 Multiple Denial of Service Exploit. CVE-2007-0613,CVE-2007-0614,CVE-2007-0710. Dos exploit for osx platform
id	EDB-ID:3230
last seen	2016-01-31
modified	2007-01-30
published	2007-01-30
reporter	MoAB
source	https://www.exploit-db.com/download/3230/
title	Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Exploit

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2007-002.NASL
description	The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-002 applied. This update fixes security flaws in the following applications : - Finder - iChat - UserNotification
last seen	2020-06-01
modified	2020-06-02
plugin id	24354
published	2007-02-16
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24354
title	Mac OS X Multiple Vulnerabilities (Security Update 2007-002)
code	# # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(24354); script_version ("1.16"); script_cve_id("CVE-2007-0021", "CVE-2007-0023", "CVE-2007-0197", "CVE-2007-0613", "CVE-2007-0614", "CVE-2007-0710"); script_bugtraq_id(21980, 22146, 22188, 22304); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-002)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes several security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-002 applied. This update fixes security flaws in the following applications : - Finder - iChat - UserNotification" ); # http://web.archive.org/web/20080110231039/http://docs.info.apple.com/article.html?artnum=305102 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22a97335" ); script_set_attribute(attribute:"solution", value: "Install Security Update 2007-002 : http://www.apple.com/support/downloads/securityupdate2007002universal.html http://www.apple.com/support/downloads/securityupdate2007002panther.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 119, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/16"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/01/09"); script_set_attribute(attribute:"patch_publication_date", value: "2007/02/15"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the presence of the SecUpdate 2007-002"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* (7\.[0-9]\.\|8\.[0-8]\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[2-9]\|200[89]-\|20[1-9][0-9]-)", string:packages)) security_hole(0); }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References