Vulnerabilities > CVE-2007-0613 - Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and Mdnsresponder

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
apple
nessus
exploit available

Summary

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.

Vulnerable Configurations

Part Description Count
Application
Apple
3

Exploit-Db

descriptionApple iChat Bonjour 3.1.6.441 Multiple Denial of Service Exploit. CVE-2007-0613,CVE-2007-0614,CVE-2007-0710. Dos exploit for osx platform
idEDB-ID:3230
last seen2016-01-31
modified2007-01-30
published2007-01-30
reporterMoAB
sourcehttps://www.exploit-db.com/download/3230/
titleApple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Exploit

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2007-002.NASL
descriptionThe remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-002 applied. This update fixes security flaws in the following applications : - Finder - iChat - UserNotification
last seen2020-06-01
modified2020-06-02
plugin id24354
published2007-02-16
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/24354
titleMac OS X Multiple Vulnerabilities (Security Update 2007-002)
code
#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(24354);
 script_version ("1.16");

 script_cve_id("CVE-2007-0021", "CVE-2007-0023", "CVE-2007-0197", "CVE-2007-0613", "CVE-2007-0614", "CVE-2007-0710");
 script_bugtraq_id(21980, 22146, 22188, 22304);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-002)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update which fixes several
security issues." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.4 that does not
have Security Update 2007-002 applied. 

This update fixes security flaws in the following applications :

- Finder
- iChat
- UserNotification" );
 # http://web.archive.org/web/20080110231039/http://docs.info.apple.com/article.html?artnum=305102
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22a97335" );
 script_set_attribute(attribute:"solution", value:
"Install Security Update 2007-002 :

http://www.apple.com/support/downloads/securityupdate2007002universal.html
http://www.apple.com/support/downloads/securityupdate2007002panther.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(20, 119, 399);

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/01/09");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/02/15");
 script_cvs_date("Date: 2018/07/14  1:59:35");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_end_attributes();

 script_summary(english:"Check for the presence of the SecUpdate 2007-002");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

#

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);



uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-8]\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[2-9]|200[89]-|20[1-9][0-9]-)", string:packages)) 
    security_hole(0);
}