CVE-2007-0229

Mac OS X 10.4.8 - Local Denial of Service and Privilege Escalation via Crafted DMG Image

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0229. PoCs published by LMH.

AI-analyzed exploit summary This is a writeup describing CVE-2007-0229, an integer overflow vulnerability in Apple Mac OS X and FreeBSD UFS filesystem handling of crafted DMG images. Successful exploitation could lead to remote code execution with kernel privileges or denial-of-service.

Description

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

Exploits (1)

exploitdb WRITEUP VERIFIED

by LMH · textdososx

https://www.exploit-db.com/exploits/29441

View Code ZIP pw:eip

This is a writeup describing CVE-2007-0229, an integer overflow vulnerability in Apple Mac OS X and FreeBSD UFS filesystem handling of crafted DMG images. Successful exploitation could lead to remote code execution with kernel privileges or denial-of-service.

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Moderate

Reliability

Theoretical

Target: Apple Mac OS X 10.4.8, FreeBSD 6.1

No auth needed

Prerequisites: Crafted DMG image · Victim interaction to open the malicious file

MITRE ATT&CK