CVE-2007-4702

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

Published: Nov 15, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4702
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	10.5	10.5.x
apple / mac_os_x_server	10.5	10.5.x

http://docs.info.apple.com/article.html?artnum=307004
http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html
http://secunia.com/advisories/27695
http://securitytracker.com/id?1018958
http://www.securityfocus.com/bid/26461
http://www.vupen.com/english/advisories/2007/3897
https://exchange.xforce.ibmcloud.com/vulnerabilities/38506

Vulnerability Database

291,049

CVE-2007-4702