Vulnerability Name:

CVE-2007-0724 (CCN-32973)

Assigned:2007-03-13
Published:2007-03-13
Updated:2017-07-29
Summary:The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-0724

Source: CCN
Type: Mac OS X 10.4.9 and Security Update 2007-003
About the security content of Mac OS X 10.4.9 and Security Update 2007-003

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305214

Source: CCN
Type: Apple Security Update 2007-004
Security Update 2007-004

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305391

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-04-19

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2007-03-13

Source: CCN
Type: SA24479
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24479

Source: CCN
Type: SA24966
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24966

Source: CCN
Type: SECTRACK ID: 1017751
Mac OS X Lets Remote Users Execute Arbitrary Code and Local Users Obtain Elevated Privileges and Deny Service

Source: CCN
Type: SECTRACK ID: 1017942
Mac OS X Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

Source: CCN
Type: Apple Mac OS X Web site
Apple - Mac OS X

Source: OSVDB
Type: UNKNOWN
34855

Source: CCN
Type: OSVDB ID: 34855
Apple Mac OS X IOKit HID Interface Local Privilege Escalation

Source: BID
Type: UNKNOWN
22948

Source: CCN
Type: BID-22948
Apple Mac OS X Multiple Applications Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1017751

Source: SECTRACK
Type: UNKNOWN
1017942

Source: CERT
Type: US Government Resource
TA07-072A

Source: CERT
Type: US Government Resource
TA07-109A

Source: VUPEN
Type: UNKNOWN
ADV-2007-0930

Source: VUPEN
Type: UNKNOWN
ADV-2007-1470

Source: XF
Type: UNKNOWN
macos-hid-privilege-escalation(32973)

Source: XF
Type: UNKNOWN
macos-hid-privilege-escalation(32973)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    apple mac os x 10.3.9
    apple mac os x 10.4
    apple mac os x 10.4.1
    apple mac os x 10.4.2
    apple mac os x 10.4.3
    apple mac os x 10.4.4
    apple mac os x 10.4.5
    apple mac os x 10.4.6
    apple mac os x 10.4.7
    apple mac os x 10.4.8
    apple mac os x server 10.4
    apple mac os x server 10.4.1
    apple mac os x server 10.4.2
    apple mac os x server 10.4.3
    apple mac os x server 10.4.4
    apple mac os x server 10.4.5
    apple mac os x server 10.4.6
    apple mac os x server 10.4.7
    apple mac os x server 10.4.8
    apple mac os x 10.4
    apple mac os x 10.4.1
    apple mac os x server 10.4.1
    apple mac os x server 10.4
    apple mac os x server 10.4.2
    apple mac os x 10.4.2
    apple mac os x 10.4.4
    apple mac os x 10.4.3
    apple mac os x server 10.4.3
    apple mac os x server 10.4.4
    apple mac os x 10.4.5
    apple mac os x server 10.4.5
    apple mac os x 10.4.6
    apple mac os x server 10.4.6
    apple mac os x 10.4.7
    apple mac os x server 10.4.7
    apple mac os x server 10.4.8
    apple mac os x 10.4.8
    apple mac os x server 10.4.9
    apple mac os x 10.4.9