CVE-2007-4702

high

Description

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/38506

http://www.vupen.com/english/advisories/2007/3897

http://www.securityfocus.com/bid/26461

http://securitytracker.com/id?1018958

http://secunia.com/advisories/27695

http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html

http://docs.info.apple.com/article.html?artnum=307004

Details

Source: Mitre, NVD

Published: 2007-11-15

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: High