ID

VAR-199912-0159


CVE

CVE-2000-0041


TITLE

apple's  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-1999-000074

DESCRIPTION

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. apple's macOS Exists in unspecified vulnerabilities.None. The implementation of Open Transport in MacOS 9 includes a weakness that could allow an attacker to use the Mac as a traffic amplifier in a DoS attack against another computer. A specially-crafted 29-byte UDP packet can be sent to a machine running MacOS 9. The Mac will then respond with a 1500 byte ICMP packet. If the first UDP packet is sent with a spoofed IP address of a third machine, and these spoofed triggger packets are sent to several MacOS 9 machines,, it will create an effective DoS of the third machine due to bandwidth starvation. There are a large number of ICMP datagram vulnerabilities in the Macintosh system. Attackers use these vulnerabilities as amplifiers to carry out attacks

Trust: 1.98

sources: NVD: CVE-2000-0041 // JVNDB: JVNDB-1999-000074 // BID: 890 // VULHUB: VHN-1620

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:9.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:9.0

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:9.0

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:99.0

Trust: 0.3

sources: BID: 890 // JVNDB: JVNDB-1999-000074 // CNNVD: CNNVD-199912-095 // NVD: CVE-2000-0041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0041
value: MEDIUM

Trust: 1.0

NVD: CVE-2000-0041
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-199912-095
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1620
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0041
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-1620
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1620 // JVNDB: JVNDB-1999-000074 // CNNVD: CNNVD-199912-095 // NVD: CVE-2000-0041

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-1999-000074 // NVD: CVE-2000-0041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199912-095

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199912-095

PATCH

title:top pageurl:https://www.apple.com/

Trust: 0.8

title:Apple Macintosh Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163499

Trust: 0.6

sources: JVNDB: JVNDB-1999-000074 // CNNVD: CNNVD-199912-095

EXTERNAL IDS

db:NVDid:CVE-2000-0041

Trust: 3.3

db:BIDid:890

Trust: 2.8

db:JVNDBid:JVNDB-1999-000074

Trust: 0.8

db:CNNVDid:CNNVD-199912-095

Trust: 0.7

db:VULHUBid:VHN-1620

Trust: 0.1

sources: VULHUB: VHN-1620 // BID: 890 // JVNDB: JVNDB-1999-000074 // CNNVD: CNNVD-199912-095 // NVD: CVE-2000-0041

REFERENCES

url:http://www.securityfocus.com/bid/890

Trust: 3.5

url:https://nvd.nist.gov/vuln/detail/cve-2000-0041

Trust: 0.8

url:http://people.atl.mediaone.net/jacopeland/macattack.html

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-1620 // BID: 890 // JVNDB: JVNDB-1999-000074 // CNNVD: CNNVD-199912-095 // NVD: CVE-2000-0041

CREDITS

Discovered by John A. Copeland <jacopeland@mediaone.net>.

Trust: 0.9

sources: BID: 890 // CNNVD: CNNVD-199912-095

SOURCES

db:VULHUBid:VHN-1620
db:BIDid:890
db:JVNDBid:JVNDB-1999-000074
db:CNNVDid:CNNVD-199912-095
db:NVDid:CVE-2000-0041

LAST UPDATE DATE

2024-11-22T22:54:54.730000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1620date:2008-09-10T00:00:00
db:BIDid:890date:1999-12-29T00:00:00
db:JVNDBid:JVNDB-1999-000074date:2024-05-13T02:47:00
db:CNNVDid:CNNVD-199912-095date:2021-09-23T00:00:00
db:NVDid:CVE-2000-0041date:2024-11-20T23:31:35.360

SOURCES RELEASE DATE

db:VULHUBid:VHN-1620date:1999-12-28T00:00:00
db:BIDid:890date:1999-12-29T00:00:00
db:JVNDBid:JVNDB-1999-000074date:2024-05-13T00:00:00
db:CNNVDid:CNNVD-199912-095date:1999-12-28T00:00:00
db:NVDid:CVE-2000-0041date:1999-12-28T05:00:00