High severity7.8NVD Advisory· Published Nov 15, 2007· Updated Jun 16, 2026
CVE-2007-3749
CVE-2007-3749
Description
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.
Affected products
2cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: >=10.4.0,<=10.4.10
- (no CPE)range: 10.4 through 10.4.10
Patches
Vulnerability mechanics
References
8- secunia.com/advisories/27643nvdBroken LinkVendor Advisory
- www.securityfocus.com/bid/26444nvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA07-319A.htmlnvdBroken LinkThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2007/3868nvdBroken LinkVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/38466nvdThird Party AdvisoryVDB Entry
- docs.info.apple.com/article.htmlnvdBroken Link
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvdBroken Link
- lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlnvdMailing List
News mentions
0No linked articles in our index yet.