ID

VAR-200403-0069


CVE

CVE-2004-0167


TITLE

Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media

Trust: 0.8

sources: CERT/CC: VU#578886

DESCRIPTION

DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.

The individual security issues include: Improved notification logging (CAN-2004-0168). Undisclosed DiskArbitration security improvements for handling writeable removable media (CAN-2004-0167). Undisclosed IPSec key exchange issue (CAN-2004-0164). pppd daemon format string vulnerability described in BID 9730 (Apple Mac OS X PPPD Format String Memory Disclosure Vulnerability) (CAN-2004-0165). Unspecified security vulnerability (CAN-2004-0089) in QuickTime Streaming Server that is related to handling of request data. URI display issue (CAN-2004-0166) in the Safari web browser. Finally, 3 vulnerabilities in tcpdump. These issues are described in BID 9507 (TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability), BID 7090 (TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability) and BID 9423 (TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities). These issues are currently undergoing further analysis. Where it is appropriate, each individual issue will be assigned a unique BID and any existing BIDs will be updated accordingly to reflect the release of this Security Update.

A local attacker could exploit the pppd vulnerability to read part of the pppd process memory. This format string problem does not allow the use of %n in an attack. However, because command line parameters are not filtered when they are received, the format string problem can be triggered when they are passed to the vslprintf() function, and part of the pppd process memory, such as PAP or CHAP authentication information, can be obtained.

Trust: 3.42

sources: NVD: CVE-2004-0167 // CERT/CC: VU#578886 // CERT/CC: VU#194238 // JVNDB: JVNDB-2004-000767 // BID: 9731 // VULHUB: VHN-8597

AFFECTED PRODUCTS

vendor:apple computer, model:-, scope:-, version:-

Trust: 1.6

vendor:apple, model:mac os x, scope:eq, version:10.3.2

Trust: 1.6

vendor:apple, model:mac os x, scope:eq, version:10.2.8

Trust: 1.6

vendor:apple, model:mac os x server, scope:eq, version:10.3.2

Trust: 1.6

vendor:apple, model:mac os x server, scope:eq, version:10.2.8

Trust: 1.6

vendor:アップル, model:apple mac os x server, scope:eq, version:10.3.2

Trust: 0.8

vendor:アップル, model:apple mac os x, scope:eq, version:server 10.3.2

Trust: 0.8

vendor:アップル, model:apple mac os x, scope:eq, version:10.2.8

Trust: 0.8

vendor:アップル, model:apple mac os x, scope:eq, version:server 10.2.8

Trust: 0.8

vendor:アップル, model:apple mac os x, scope:eq, version:10.3.2

Trust: 0.8

vendor:アップル, model:apple mac os x server, scope:eq, version:10.2.8

Trust: 0.8

vendor:apple, model:mac os, scope:eq, version:x10.2.5

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.1

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.1.1

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.0.1

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.5

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.3.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.8

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.1.1

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.0.4

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.3.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.1.4

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.8

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.1.3

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.1.4

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.4

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.1.3

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.2

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.4

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.1.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.0

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.1.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.6

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.1.5

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.0

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.6

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.3

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.1.5

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.3

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.3

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.7

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.3.1

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.3

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.2.1

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.7

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.0.2

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.3.1

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.0.3

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.03

Trust: 0.3

vendor:apple, model:mac os server, scope:eq, version:x10.2.1

Trust: 0.3

vendor:apple, model:mac os, scope:eq, version:x10.1

Trust: 0.3

sources: CERT/CC: VU#578886 // CERT/CC: VU#194238 // BID: 9731 // JVNDB: JVNDB-2004-000767 // CNNVD: CNNVD-200403-078 // NVD: CVE-2004-0167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0167
value: HIGH

Trust: 1.0

NVD: CVE-2004-0167
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200403-078
value: HIGH

Trust: 0.6

VULHUB: VHN-8597
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0167
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8597
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8597 // JVNDB: JVNDB-2004-000767 // CNNVD: CNNVD-200403-078 // NVD: CVE-2004-0167

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000767 // NVD: CVE-2004-0167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-078

TYPE

Unknown

Trust: 0.9

sources: BID: 9731 // CNNVD: CNNVD-200403-078

PATCH

title:lists.apple.com (msg00000), url:https://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000767

EXTERNAL IDS

db:SECUNIA, id:10959

Trust: 4.1

db:NVD, id:CVE-2004-0167

Trust: 3.6

db:CERT/CC, id:VU#578886

Trust: 3.3

db:BID, id:9731

Trust: 2.8

db:OSVDB, id:6824

Trust: 1.7

db:CERT/CC, id:VU#194238

Trust: 0.8

db:JVNDB, id:JVNDB-2004-000767

Trust: 0.8

db:CNNVD, id:CNNVD-200403-078

Trust: 0.7

db:XF, id:15300

Trust: 0.6

db:APPLE, id:APPLE-SA-2004-02-23

Trust: 0.6

db:VULHUB, id:VHN-8597

Trust: 0.1

sources: CERT/CC: VU#578886 // CERT/CC: VU#194238 // VULHUB: VHN-8597 // BID: 9731 // JVNDB: JVNDB-2004-000767 // CNNVD: CNNVD-200403-078 // NVD: CVE-2004-0167

REFERENCES

url:http://www.securityfocus.com/bid/9731

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/578886

Trust: 2.5

url:http://secunia.com/advisories/10959

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15300

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2004/feb/msg00000.html

Trust: 1.7

url:http://www.osvdb.org/6824

Trust: 1.7

url:http://www.apple.com/support/security/security_updates.html

Trust: 1.6

url:http://secunia.com/advisories/10959/

Trust: 1.6

url:http://xforce.iss.net/xforce/xfdb/15300

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2004-0167

Trust: 0.8

sources: CERT/CC: VU#578886 // CERT/CC: VU#194238 // VULHUB: VHN-8597 // JVNDB: JVNDB-2004-000767 // CNNVD: CNNVD-200403-078 // NVD: CVE-2004-0167

CREDITS

Dave G, daveg@atstake.com

Trust: 0.6

sources: CNNVD: CNNVD-200403-078

SOURCES

db:CERT/CC, id:VU#578886
db:CERT/CC, id:VU#194238
db:VULHUB, id:VHN-8597
db:BID, id:9731
db:JVNDB, id:JVNDB-2004-000767
db:CNNVD, id:CNNVD-200403-078
db:NVD, id:CVE-2004-0167

LAST UPDATE DATE

2024-08-14T13:08:12.532000+00:00


SOURCES UPDATE DATE

db:CERT/CC, id:VU#578886, date:2004-03-19T00:00:00
db:CERT/CC, id:VU#194238, date:2004-02-25T00:00:00
db:VULHUB, id:VHN-8597, date:2018-09-26T00:00:00
db:BID, id:9731, date:2009-07-12T03:06:00
db:JVNDB, id:JVNDB-2004-000767, date:2024-05-30T06:32:00
db:CNNVD, id:CNNVD-200403-078, date:2005-05-13T00:00:00
db:NVD, id:CVE-2004-0167, date:2018-09-26T15:59:03.123

SOURCES RELEASE DATE

db:CERT/CC, id:VU#578886, date:2004-02-25T00:00:00
db:CERT/CC, id:VU#194238, date:2004-02-25T00:00:00
db:VULHUB, id:VHN-8597, date:2004-03-15T00:00:00
db:BID, id:9731, date:2004-02-24T00:00:00
db:JVNDB, id:JVNDB-2004-000767, date:2024-05-30T00:00:00
db:CNNVD, id:CNNVD-200403-078, date:2003-07-18T00:00:00
db:NVD, id:CVE-2004-0167, date:2004-03-15T05:00:00