Vulnerabilities > CVE-2007-4704 - Unspecified vulnerability in Apple mac OS X 10.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apple

nessus

NVD

Published: 2007-11-15

Updated: 2024-11-21

Summary

The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.5	1

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_5_1.NASL
description	The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.1. This update contains several security fixes for the application Firewall.
last seen	2020-06-01
modified	2020-06-02
plugin id	28252
published	2007-11-16
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/28252
title	Mac OS X 10.5.x < 10.5.1 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(28252); script_version ("1.20"); script_cve_id("CVE-2007-4702", "CVE-2007-4703", "CVE-2007-4704"); script_bugtraq_id(26459, 26460, 26461); script_name(english:"Mac OS X 10.5.x < 10.5.1 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.1. This update contains several security fixes for the application Firewall." ); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X 10.5.1 : http://www.apple.com/support/downloads/macosx1051update.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307004" ); script_set_attribute(attribute:"plugin_publication_date", value: "2007/11/16"); script_set_attribute(attribute:"patch_publication_date", value: "2007/11/15"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the version of Mac OS X"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if ( ! os ) { os = get_kb_item("Host/OS"); if (! os ) exit(0); conf = get_kb_item("Host/OS/Confidence"); if ( conf <= 71 ) exit(0); } if ( ereg(pattern:"Mac OS X 10\.5($\|\.0)", string:os)) security_warning(0);

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 26459 CVE(CAN) ID: CVE-2007-4704 Apple Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的应用防火墙设置存在漏洞，可能由于错误的安全认识导致非授权网络访问。在更改Mac OS X的应用防火墙设置时，重启系统之前launchd所启动的进程不会受影响，但用户可能以为更改应立即生效，这可能会造成错误的安全认知，将系统暴露于某些网络访问。 Apple Mac OS X 10.5 Apple MacOS X Server 10.5 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16133&cat=60&platform=osx&method=sa/MacOSXUpd10.5.1.dmg" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16133&cat=60&platform=osx&method=sa/MacOSXUpd10.5.1.dmg</a> <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16134&cat=60&platform=osx&method=sa/MacOSXServerUpd10.5.1.dmg" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16134&cat=60&platform=osx&method=sa/MacOSXServerUpd10.5.1.dmg</a>
id	SSV:2431
last seen	2017-11-19
modified	2007-11-17
published	2007-11-17
reporter	Root
title	Apple Max OS X应用防火墙Launchd绕过安全限制漏洞

Summary

Vulnerable Configurations

Nessus

Seebug

References