This event is generated when an attacker attempts to exploit an integer overflow vulnerability that is triggered when OS X mounts a .dmg file.
Attempted Administrator Privilege Gain
Rule checks for an attempt to exploit an integer overflow vulnerability present in Mac OS X 10.4.8.
Ease of Attack:
Hard; information about the vulnerability is publicly available, but a successful exploit would require significant modification and interaction by the victim.
What To Look For
No public information
No known false positives
CVE Additional Information
CVE-2007-0229: Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
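
The class of flaw the CVE text describes (a signed size field from an untrusted image reaching an allocation) is shown below beside a hardened check. This is an added C example, not the ffs_mountfs source and not part of the rule documentation; the struct, field names and size bound are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical on-disk header for illustration; NOT the real FFS superblock. */
struct img_header {
    int32_t summary_size;  /* signed sizes read from the untrusted image */
    int32_t extra_size;
};

#define MAX_META_SIZE (1 << 20)  /* assumed sanity bound for this example */

/* Unchecked pattern: a negative int32_t converted to size_t becomes a huge
 * unsigned value; nothing downstream sees it as "negative" any more. */
size_t unchecked_alloc_size(const struct img_header *h)
{
    return (size_t)h->summary_size;
}

/* Hardened pattern: validate each field while it is still signed, add in
 * 64-bit so the sum cannot wrap, and bound the result by the image length.
 * Returns 0 and sets *out on success, -1 if the header must be rejected. */
int checked_alloc_size(const struct img_header *h, size_t image_len, size_t *out)
{
    int64_t total;

    if (h->summary_size <= 0 || h->extra_size < 0)
        return -1;
    total = (int64_t)h->summary_size + (int64_t)h->extra_size;
    if (total > MAX_META_SIZE || (uint64_t)total > image_len)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed sample headers, not taken from any real image. */
    struct img_header good = { 4096, 512 };
    struct img_header bad  = { -16, 0 };
    size_t n = 0;
    int rc;

    printf("unchecked(bad) = %zu\n", unchecked_alloc_size(&bad));
    printf("checked(bad)   = %d\n", checked_alloc_size(&bad, 65536, &n));
    rc = checked_alloc_size(&good, 65536, &n);
    printf("checked(good)  = %d (n=%zu)\n", rc, n);
    return 0;
}
```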