| Vulnerability Name: | CVE-2007-0318 (CCN-31492) | ||||||||
| Assigned: | 2007-01-13 | ||||||||
| Published: | 2007-01-13 | ||||||||
| Updated: | 2011-03-08 | ||||||||
| Summary: | The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | ||||||||
| CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 6.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
3.1 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-0318 Source: CCN Type: Mac OS X 10.4.9 and Security Update 2007-003 About the security content of Mac OS X 10.4.9 and Security Update 2007-003 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=305214 Source: APPLE Type: UNKNOWN APPLE-SA-2007-03-13 Source: CCN Type: MOAB-13-01-2007 Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability Source: MISC Type: UNKNOWN http://projects.info-pull.com/moab/MOAB-13-01-2007.html Source: CCN Type: SA23742 Mac OS X HFS+ "do_hfs_truncate()" Denial of Service Source: SECUNIA Type: Vendor Advisory 23742 Source: CCN Type: SA24479 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 24479 Source: CCN Type: SECTRACK ID: 1017759 Mac OS X HFS+ File System Lets Local Users Deny Service Source: CCN Type: Apple Mac OS X Web site Apple - Mac OS X Source: OSVDB Type: UNKNOWN 32685 Source: CCN Type: OSVDB ID: 32685 Apple Mac OS X HFS+ do_hfs_truncate() Function DoS Source: CCN Type: BID-22042 Apple Mac OS X DMG HFS+ DO_HFS_TRUNCATE Denial Of Service Vulnerability Source: SECTRACK Type: UNKNOWN 1017759 Source: CERT Type: US Government Resource TA07-072A Source: VUPEN Type: UNKNOWN ADV-2007-0171 Source: VUPEN Type: UNKNOWN ADV-2007-0930 Source: XF Type: UNKNOWN macos-dohfstruncate-dos(31492) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||