Vulnerability Details CVE-2007-4702
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://docs.info.apple.com/article.html?artnum=307004
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html
- http://secunia.com/advisories/27695
- http://securitytracker.com/id?1018958
- http://www.securityfocus.com/bid/26461
- http://www.vupen.com/english/advisories/2007/3897
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38506
- http://docs.info.apple.com/article.html?artnum=307004
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html
- http://secunia.com/advisories/27695
- http://securitytracker.com/id?1018958
- http://www.securityfocus.com/bid/26461
- http://www.vupen.com/english/advisories/2007/3897
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38506
Products affected by CVE-2007-4702
-
cpe:2.3:o:apple:mac_os_x:10.5
-
cpe:2.3:o:apple:mac_os_x_server:10.5