Details of VAR-200312-0279

ID

VAR-200312-0279

CVE

CVE-2003-1005

TITLE

Integer overflow vulnerability in rsync

Trust: 0.8

sources: CERT/CC: VU#325603

DESCRIPTION

The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. This could potentially lead to an attacker crashing a service that uses an implementation of the vulnerable software. This issue is reported to be similar to OpenSSL ASN.1 Large Recursion Remote Denial Of Service Vulnerability described in BID 8970. Due to a lack of details further information concerning this issue cannot be provided at the moment. This BID will be updated as more information becomes available. Mac OS X is an operating system used on Mac machines, based on the BSD system. No detailed vulnerability details are currently available

Trust: 1.98

sources: NVD: CVE-2003-1005 // CERT/CC: VU#325603 // BID: 9266 // VULHUB: VHN-7830

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	freebsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	guardian digital	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	immunix	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mandriva	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openbsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openpkg	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sgi	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	slackware	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	trustix secure linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	turbolinux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3

sources: CERT/CC: VU#325603 // BID: 9266 // CNNVD: CNNVD-200312-121 // NVD: CVE-2003-1005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1005
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#325603
value:	29.40
Trust: 0.8
CNNVD:	CNNVD-200312-121
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7830
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1005
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7830
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#325603 // VULHUB: VHN-7830 // CNNVD: CNNVD-200312-121 // NVD: CVE-2003-1005

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-121

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200312-121

EXTERNAL IDS

db:	SECUNIA	id:	10474	Trust: 2.5
db:	BID	id:	9266	Trust: 2.0
db:	AUSCERT	id:	ESB-2003.0867	Trust: 1.7
db:	NVD	id:	CVE-2003-1005	Trust: 1.7
db:	SECUNIA	id:	10361	Trust: 0.8
db:	SECUNIA	id:	10362	Trust: 0.8
db:	SECUNIA	id:	10364	Trust: 0.8
db:	SECUNIA	id:	10357	Trust: 0.8
db:	SECUNIA	id:	10363	Trust: 0.8
db:	SECUNIA	id:	10354	Trust: 0.8
db:	SECUNIA	id:	10359	Trust: 0.8
db:	SECUNIA	id:	10378	Trust: 0.8
db:	SECUNIA	id:	10353	Trust: 0.8
db:	SECUNIA	id:	10358	Trust: 0.8
db:	SECUNIA	id:	10355	Trust: 0.8
db:	SECUNIA	id:	10356	Trust: 0.8
db:	SECUNIA	id:	10360	Trust: 0.8
db:	CERT/CC	id:	VU#325603	Trust: 0.8
db:	CNNVD	id:	CNNVD-200312-121	Trust: 0.7
db:	NSFOCUS	id:	5837	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2003-12-19	Trust: 0.6
db:	VULHUB	id:	VHN-7830	Trust: 0.1

sources: CERT/CC: VU#325603 // VULHUB: VHN-7830 // BID: 9266 // CNNVD: CNNVD-200312-121 // NVD: CVE-2003-1005

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2003/dec/msg00001.html	Trust: 1.7
url:	http://www.auscert.org.au/render.html?it=3704	Trust: 1.7
url:	http://www.securityfocus.com/bid/9266	Trust: 1.7
url:	http://secunia.com/advisories/10474/	Trust: 1.7
url:	http://www.mail-archive.com/rsync@lists.samba.org/msg08271.html	Trust: 0.8
url:	http://www.secunia.com/advisories/10353/	Trust: 0.8
url:	http://www.secunia.com/advisories/10354/	Trust: 0.8
url:	http://www.secunia.com/advisories/10355/	Trust: 0.8
url:	http://www.secunia.com/advisories/10356/	Trust: 0.8
url:	http://www.secunia.com/advisories/10357/	Trust: 0.8
url:	http://www.secunia.com/advisories/10358/	Trust: 0.8
url:	http://www.secunia.com/advisories/10359/	Trust: 0.8
url:	http://www.secunia.com/advisories/10360/	Trust: 0.8
url:	http://www.secunia.com/advisories/10361/	Trust: 0.8
url:	http://www.secunia.com/advisories/10362/	Trust: 0.8
url:	http://www.secunia.com/advisories/10363/	Trust: 0.8
url:	http://www.secunia.com/advisories/10364/	Trust: 0.8
url:	http://www.secunia.com/advisories/10378/	Trust: 0.8
url:	http://www.secunia.com/advisories/10474/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/5837	Trust: 0.6

sources: CERT/CC: VU#325603 // VULHUB: VHN-7830 // CNNVD: CNNVD-200312-121 // NVD: CVE-2003-1005

CREDITS

The disclosure of this issue has been credited to the vendor.

Trust: 0.3

sources: BID: 9266

SOURCES

db:	CERT/CC	id:	VU#325603
db:	VULHUB	id:	VHN-7830
db:	BID	id:	9266
db:	CNNVD	id:	CNNVD-200312-121
db:	NVD	id:	CVE-2003-1005

LAST UPDATE DATE

2024-08-14T13:40:24.634000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#325603	date:	2006-05-01T00:00:00
db:	VULHUB	id:	VHN-7830	date:	2008-09-10T00:00:00
db:	BID	id:	9266	date:	2003-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200312-121	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1005	date:	2008-09-10T19:21:24.633

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#325603	date:	2003-12-09T00:00:00
db:	VULHUB	id:	VHN-7830	date:	2003-12-31T00:00:00
db:	BID	id:	9266	date:	2003-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200312-121	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1005	date:	2003-12-31T05:00:00