CFNetwork Vulnerability in Apple Mac OS X FTP Handling
CVE-2007-2403

Currently unrated

Key Information:

Vendor: Apple
Status: Cfnetwork
Vendor: CVE Published:; 3 August 2007

Summary

CFNetwork in Apple Mac OS X versions 10.3.9 and 10.4.10 exhibits improper validation of ftp: URIs. This vulnerability allows remote attackers to send arbitrary FTP commands to any FTP server, potentially compromising confidentiality and integrity of data. Users are advised to review their systems and apply necessary security patches.

References

http://www.vupen.com/english/advisories/2007/2732

vdb-entryx_refsource_VUPEN

http://lists.apple.com/archives/security-announce//2007/J...

vendor-advisoryx_refsource_APPLE

http://securitytracker.com/id?1018491

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 3, 2007
Vulnerability Reserved
Apr 30, 2007