CVE-2007-3749

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.4 through 10.4.10

Description The issue allows local users to execute arbitrary code by creating a port before launching a setuid program, then writing to the address space of the setuid process. This is due to the kernel not resetting the current Mach Thread Port or Thread Exception Port when executing a setuid program.

Recommendations For Apple Mac OS X versions 10.4 through 10.4.10, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of setuid programs to minimize the risk of arbitrary code execution.