Vulnerabilities > CVE-2007-2386 - Multiple Security vulnerability in Apple Mac OS X 2007-005
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
COMPLETE Summary
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 9 |
Exploit-Db
| description | Mac OS X mDNSResponder UPnP Location Overflow. CVE-2007-2386. Remote exploit for osx platform |
| id | EDB-ID:16871 |
| last seen | 2016-02-02 |
| modified | 2011-01-08 |
| published | 2011-01-08 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16871/ |
| title | Mac OS X mDNSResponder UPnP Location Overflow |
Metasploit
| description | This module exploits a buffer overflow that occurs when processing specially crafted requests set to mDNSResponder. All Mac OS X systems between version 10.4 and 10.4.9 (without the 2007-005 patch) are affected. |
| id | MSF:EXPLOIT/OSX/MDNS/UPNP_LOCATION |
| last seen | 2020-06-14 |
| modified | 2017-07-24 |
| published | 2009-03-18 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/mdns/upnp_location.rb |
| title | Mac OS X mDNSResponder UPnP Location Overflow |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-05.NASL description The remote host is affected by the vulnerability described in GLSA-201201-05 (mDNSResponder: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. Impact : A local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57631 published 2012-01-23 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57631 title GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201201-05. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(57631); script_version("1.7"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2007-2386", "CVE-2007-3744", "CVE-2007-3828", "CVE-2008-0989", "CVE-2008-2326", "CVE-2008-3630"); script_bugtraq_id(24159, 24924, 25159, 28339, 31091, 31093); script_xref(name:"GLSA", value:"201201-05"); script_name(english:"GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201201-05 (mDNSResponder: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. Impact : A local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201201-05" ); script_set_attribute( attribute:"solution", value: "All mDNSResponder users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/mDNSResponder-212.1' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 21, 2009. It is likely that your system is already no longer affected by this issue." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X mDNSResponder UPnP Location Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 119, 134); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mDNSResponder"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/23"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/mDNSResponder", unaffected:make_list("ge 212.1"), vulnerable:make_list("lt 212.1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mDNSResponder"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2007-005.NASL description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN last seen 2020-06-01 modified 2020-06-02 plugin id 25297 published 2007-05-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25297 title Mac OS X Multiple Vulnerabilities (Security Update 2007-005) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if(description) { script_id(25297); script_version ("1.18"); script_cve_id("CVE-2005-3011", "CVE-2006-4095", "CVE-2006-4096", "CVE-2006-4573", "CVE-2006-5467", "CVE-2006-6303", "CVE-2007-0493", "CVE-2007-0494", "CVE-2007-0740", "CVE-2007-0750", "CVE-2007-0751", "CVE-2007-0752", "CVE-2007-0753", "CVE-2007-1536", "CVE-2007-1558", "CVE-2007-2386", "CVE-2007-2390"); script_bugtraq_id(24144, 24159); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-005)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN" ); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305530" ); script_set_attribute(attribute:"solution", value: "Install Security Update 2007-005 : http://www.apple.com/support/downloads/securityupdate2007005universal.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X mDNSResponder UPnP Location Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(134, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2007/05/25"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/14"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"patch_publication_date", value: "2007/05/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the presence of Security Update 2007-004"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-9]\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[5-9]|200[89]-|20[1-9][0-9]-)", string:packages)) security_hole(0); }
References
- http://docs.info.apple.com/article.html?artnum=305530
- http://lists.apple.com/archives/security-announce/2007/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://secunia.com/advisories/25402
- http://secunia.com/advisories/25745
- http://www.kb.cert.org/vuls/id/221876
- http://www.osvdb.org/35142
- http://www.securityfocus.com/bid/24144
- http://www.securityfocus.com/bid/24159
- http://www.securitytracker.com/id?1018123
- http://www.vupen.com/english/advisories/2007/1939
- http://www.vupen.com/english/advisories/2007/2269
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34493