Vulnerabilities > CVE-2007-3828 - Remote Code Execution vulnerability in Apple Mac OS X mDNSResponder Variant

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
apple
critical
nessus

Summary

Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-201201-05.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-201201-05 (mDNSResponder: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. Impact : A local or remote attacker may be able to execute arbitrary code with root privileges or cause a Denial of Service. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id57631
published2012-01-23
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/57631
titleGLSA-201201-05 : mDNSResponder: Multiple vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-05.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(57631);
  script_version("1.7");
  script_cvs_date("Date: 2018/07/11 17:09:26");

  script_cve_id("CVE-2007-2386", "CVE-2007-3744", "CVE-2007-3828", "CVE-2008-0989", "CVE-2008-2326", "CVE-2008-3630");
  script_bugtraq_id(24159, 24924, 25159, 28339, 31091, 31093);
  script_xref(name:"GLSA", value:"201201-05");

  script_name(english:"GLSA-201201-05 : mDNSResponder: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201201-05
(mDNSResponder: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in mDNSResponder. Please
      review the CVE identifiers referenced below for details.
  
Impact :

    A local or remote attacker may be able to execute arbitrary code with
      root privileges or cause a Denial of Service.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201201-05"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All mDNSResponder users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-misc/mDNSResponder-212.1'
    NOTE: This is a legacy GLSA. Updates for all affected architectures are
      available since November 21, 2009. It is likely that your system is
      already no longer affected by this issue."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mac OS X mDNSResponder UPnP Location Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 119, 134);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mDNSResponder");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-misc/mDNSResponder", unaffected:make_list("ge 212.1"), vulnerable:make_list("lt 212.1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mDNSResponder");
}