Details of VAR-200311-0057

ID

VAR-200311-0057

CVE

CVE-2003-0895

TITLE

MacOS X Extra long Argv Value Kernel Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200311-027

DESCRIPTION

Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]). A buffer overrun has been discovered in the MacOS X kernel when handling large argv values passed via the command-line. The precise details regarding this condition are currently unknown however the problem likely occurs due to insufficient bounds checking when handling user-supplied data. It has been confirmed that this condition can be exploited to cause a target kernel to crash. Mac OS X is an operating system used on Mac machines, based on the BSD system. By specifying extremely long command-line arguments, a local attacker could cause a Mac OS X kernel panic. The length of the total number of parameters that can trigger this condition is allowed within a small range. When this problem occurs, the operating system crashes immediately, not allowing the user to perform any operations. No logs are produced, nor are there any kernel panic messages. The system will automatically restart after a few minutes. This vulnerability can also be used to dump a small amount of kernel memory information to the attacker, but according to @stake's investigation, only the memory address will be returned to the user, and generally does not contain sensitive information

Trust: 1.26

sources: NVD: CVE-2003-0895 // BID: 8913 // VULHUB: VHN-7720

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.3	Trust: 0.3

sources: BID: 8913 // CNNVD: CNNVD-200311-027 // NVD: CVE-2003-0895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0895
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200311-027
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7720
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-0895
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7720
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7720 // CNNVD: CNNVD-200311-027 // NVD: CVE-2003-0895

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0895

THREAT TYPE

local

Trust: 0.9

sources: BID: 8913 // CNNVD: CNNVD-200311-027

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 8913 // CNNVD: CNNVD-200311-027

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7720

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0895	Trust: 2.0
db:	BID	id:	8913	Trust: 2.0
db:	CNNVD	id:	CNNVD-200311-027	Trust: 0.7
db:	XF	id:	13541	Trust: 0.6
db:	ATSTAKE	id:	A102803-3	Trust: 0.6
db:	VULHUB	id:	VHN-7720	Trust: 0.1

sources: VULHUB: VHN-7720 // BID: 8913 // CNNVD: CNNVD-200311-027 // NVD: CVE-2003-0895

REFERENCES

url:	http://www.atstake.com/research/advisories/2003/a102803-3.txt	Trust: 1.7
url:	http://www.securityfocus.com/bid/8913	Trust: 1.7
url:	http://lists.apple.com/mhonarc/security-announce/msg00038.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13541	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/13541	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-7720 // BID: 8913 // CNNVD: CNNVD-200311-027 // NVD: CVE-2003-0895

CREDITS

The discovery of this vulnerability has been credited to @stake.

Trust: 0.3

sources: BID: 8913

SOURCES

db:	VULHUB	id:	VHN-7720
db:	BID	id:	8913
db:	CNNVD	id:	CNNVD-200311-027
db:	NVD	id:	CVE-2003-0895

LAST UPDATE DATE

2024-08-14T14:29:30.095000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7720	date:	2017-07-11T00:00:00
db:	BID	id:	8913	date:	2009-07-11T23:56:00
db:	CNNVD	id:	CNNVD-200311-027	date:	2006-03-28T00:00:00
db:	NVD	id:	CVE-2003-0895	date:	2017-07-11T01:29:37.917

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7720	date:	2003-11-03T00:00:00
db:	BID	id:	8913	date:	2003-10-28T00:00:00
db:	CNNVD	id:	CNNVD-200311-027	date:	2003-10-28T00:00:00
db:	NVD	id:	CVE-2003-0895	date:	2003-11-03T05:00:00