Sign-up

ID

VAR-200305-0066


CVE

CVE-2003-0171


TITLE

Apple MacOS X DirectoryService Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 7322 // CNNVD: CNNVD-200305-007

DESCRIPTION

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. Apple MacOS X DirectoryService is prone to an issue which may allow local attackers to gain elevated privileges. This issue is due to usage of libc system() function to execute commands. Attackers may potentially set a PATH environment variable that causes an arbitrary file to be executed with elevated. Exploitation may require the attacker to abuse other known issues (BID 7323) to crash the service. DirectoryServices is the MacOS X information and authentication subsystem, which is started during the startup phase and installed with the default setuid root attribute. To exploit this vulnerability, you must first stop the DirectoryServices service, which can be done by repeatedly connecting to port 625

Trust: 1.26

sources: NVD: CVE-2003-0171 // BID: 7322 // VULHUB: VHN-7001

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.3

Trust: 1.0

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.5

Trust: 0.3

sources: BID: 7322 // CNNVD: CNNVD-200305-007 // NVD: CVE-2003-0171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0171
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200305-007
value: HIGH

Trust: 0.6

VULHUB: VHN-7001
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0171
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7001
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7001 // CNNVD: CNNVD-200305-007 // NVD: CVE-2003-0171

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0171

THREAT TYPE

local

Trust: 0.9

sources: BID: 7322 // CNNVD: CNNVD-200305-007

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200305-007

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-7001

EXTERNAL IDS
db:NVDid:CVE-2003-0171
Trust: 2.0
db:CNNVDid:CNNVD-200305-007
Trust: 0.7
db:ATSTAKEid:A041003-1
Trust: 0.6
db:BIDid:7322
Trust: 0.4
db:EXPLOIT-DBid:15
Trust: 0.1
db:SEEBUGid:SSVID-62715
Trust: 0.1
db:VULHUBid:VHN-7001
Trust: 0.1
sources:
            
            
            VULHUB: VHN-7001 // 
            
            
            
            BID: 7322 // 
            
            
            
            CNNVD: CNNVD-200305-007 // 
            
            
            
            NVD: CVE-2003-0171

REFERENCES
url:http://www.atstake.com/research/advisories/2003/a041003-1.txt
Trust: 1.7
url:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Trust: 1.7
url:http://www.info.apple.com/usen/security/security_updates.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-7001 // 
            
            
            
            BID: 7322 // 
            
            
            
            CNNVD: CNNVD-200305-007 // 
            
            
            
            NVD: CVE-2003-0171

CREDITS
Dave G.※ daveg@atstake.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200305-007

SOURCES
db:VULHUBid:VHN-7001
db:BIDid:7322
db:CNNVDid:CNNVD-200305-007
db:NVDid:CVE-2003-0171

LAST UPDATE DATE
2024-08-14T15:45:46.152000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-7001date:2008-09-10T00:00:00
db:BIDid:7322date:2009-07-11T21:06:00
db:CNNVDid:CNNVD-200305-007date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0171date:2008-09-10T19:18:10.087

SOURCES RELEASE DATE
db:VULHUBid:VHN-7001date:2003-05-05T00:00:00
db:BIDid:7322date:2003-04-10T00:00:00
db:CNNVDid:CNNVD-200305-007date:2003-04-10T00:00:00
db:NVDid:CVE-2003-0171date:2003-05-05T04:00:00