Vulnerability CVE-2007-3749 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3749 (CCN-38466)

Assigned:

2007-11-14

Published:

2007-11-14

Updated:

2017-07-29

Summary:

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2007-3749

Source: CCN
Type: Apple Web site
About the security content of Mac OS X 10.4.11 and Security Update 2007-008

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307041

Source: IDEFENSE
Type: UNKNOWN
20071114 Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-11-14

Source: CCN
Type: SA27643
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27643

Source: CCN
Type: OSVDB ID: 40675
Apple Mac OS X Kernel Port Inheritance Race Condition Local Privilege Escalation

Source: BID
Type: UNKNOWN
26444

Source: CCN
Type: BID-26444
Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities

Source: CERT
Type: US Government Resource
TA07-319A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3868

Source: XF
Type: UNKNOWN
macosx-mach-privilege-escalation(38466)

Source: XF
Type: UNKNOWN
macosx-mach-privilege-escalation(38466)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 11.14.07
Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

Denotes that component is vulnerable