Executive Summary

Informations
Name CVE-2007-3744 First vendor Publication 2007-08-03
Vendor Cve Last vendor Modification 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.8 Attack Range Adjacent network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 6.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts Provides user account access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Os11
Os11

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)
File : nvt/glsa_201201_05.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
36967Apple Mac OS X mDNSResponder UPnP IGD Crafted Packet Remote Overflow

Snort® IPS/IDS

DateDescription
2014-01-10Apple mDNSresponder excessive HTTP headers
RuleID : 12357 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

DateDescription
2012-01-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-05.nasl - Type : ACT_GATHER_INFO
2007-08-02Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BID http://www.securityfocus.com/bid/25159
CONFIRM http://docs.info.apple.com/article.html?artnum=306172
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573
SECTRACK http://www.securitytracker.com/id?1018488
SECUNIA http://secunia.com/advisories/26235
VUPEN http://www.vupen.com/english/advisories/2007/2732
XF http://xforce.iss.net/xforce/xfdb/35733

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 10:40:52
  • Multiple Updates
2014-01-19 21:24:18
  • Multiple Updates
2013-05-11 10:31:25
  • Multiple Updates