OSVDB ID: 32704

Title: Apple Mac OS X CFNetwork _CFNetConnectionWillEnqueueRequests Function DoS

Info

Disclosure

Jan 25, 2007

Discovery

Unknown

Dates

Exploit

Jan 25, 2007

Solution

Unknown

Description

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted server response causes the _CFNetConnectionWillEnqueueRequests() function to dereference a NULL pointer, and will result in loss of availability for the application.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Apple Computer, Inc.

Mac OS X

10.4.8

References

CVE ID: 2007-0464 (see also: NVD)
Bugtraq ID: 22249 26444
Secunia Advisory ID: 27643
ISS X-Force ID: 31837
Milw0rm: 3200
Exploit Database: 3200
Related OSVDB ID: 32704 40661 40662 40663 40664 40665 40666 40667 40668 40669 40670 40671 40672 40673 40674 40675 40676 40677 40678 40679 40680 40681 40682 40683 40684 40685 40686 40687 40688
VUPEN Advisory: ADV-2007-3868
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=307041
Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=307041
Mail List Post: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Other Advisory URL: http://projects.info-pull.com/moab/MOAB-25-01-2007.html
CERT: TA07-319A

Credit

LMH - lmhinfo-pull.com -

Direct URL: http://osvdb.org/32704