Details of VAR-200403-0080

ID

VAR-200403-0080

CVE

CVE-2003-1006

TITLE

Apple Mac OS X "cd9660.util" buffer overflow

Trust: 0.8

sources: CERT/CC: VU#878526

DESCRIPTION

Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. The cd9660.util utility has been reported prone to a local buffer overrun vulnerability. Excessive data supplied as an argument for the probe for mounting switch, passed to the cd9660.util utility will overrun the bounds of a reserved buffer in memory. Because memory adjacent to this buffer has been reported to contain saved values that are crucial to controlling execution flow, a local attacker may potentially influence cd9660.util execution flow into attacker-supplied instructions. Mac OS X is an operating system used on Mac machines, based on the BSD system. Due to the lack of sufficient input validation in the cd9660.util tool, local attackers can exploit this vulnerability to carry out buffer overflow attacks, which can lead to privilege escalation. \'\'/System/Library/Filesystems/cd9660.fs/cd9660.util\'\'can submit parameters to detect the mounted device, if the detection device parameter is too long, it may trigger buffer overflow at runtime, careful Building commit data can lead to privilege escalation

Trust: 1.98

sources: NVD: CVE-2003-1006 // CERT/CC: VU#878526 // BID: 9228 // VULHUB: VHN-7831

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.0
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: CERT/CC: VU#878526 // BID: 9228 // CNNVD: CNNVD-200403-114 // NVD: CVE-2003-1006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1006
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#878526
value:	7.70
Trust: 0.8
CNNVD:	CNNVD-200403-114
value:	HIGH
Trust: 0.6
VULHUB:	VHN-7831
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-1006
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7831
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#878526 // VULHUB: VHN-7831 // CNNVD: CNNVD-200403-114 // NVD: CVE-2003-1006

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1006

THREAT TYPE

local

Trust: 0.9

sources: BID: 9228 // CNNVD: CNNVD-200403-114

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 9228 // CNNVD: CNNVD-200403-114

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7831

EXTERNAL IDS

db:	CERT/CC	id:	VU#878526	Trust: 2.5
db:	BID	id:	9228	Trust: 2.0
db:	NVD	id:	CVE-2003-1006	Trust: 2.0
db:	CNNVD	id:	CNNVD-200403-114	Trust: 0.7
db:	BUGTRAQ	id:	20031219 RE: BUFFER OVERFLOW/PRIVILEGE ESCALATION IN MACOS X - HFS.UTIL ALSO	Trust: 0.6
db:	BUGTRAQ	id:	20031216 RE: BUFFER OVERFLOW/PRIVILEGE ESCALATION IN MACOS X	Trust: 0.6
db:	BUGTRAQ	id:	20031215 BUFFER OVERFLOW/PRIVILEGE ESCALATION IN MACOS X	Trust: 0.6
db:	XF	id:	13995	Trust: 0.6
db:	XF	id:	9660	Trust: 0.6
db:	SEEBUG	id:	SSVID-77207	Trust: 0.1
db:	EXPLOIT-DB	id:	23442	Trust: 0.1
db:	VULHUB	id:	VHN-7831	Trust: 0.1

sources: CERT/CC: VU#878526 // VULHUB: VHN-7831 // BID: 9228 // CNNVD: CNNVD-200403-114 // NVD: CVE-2003-1006

REFERENCES

url:	http://www.securityfocus.com/bid/9228	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/347578	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/347707	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/348097	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/878526	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=61798	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13995	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/13995	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	/archive/1/347578	Trust: 0.3
url:	/archive/1/347687	Trust: 0.3
url:	/archive/1/348097	Trust: 0.3

sources: CERT/CC: VU#878526 // VULHUB: VHN-7831 // BID: 9228 // CNNVD: CNNVD-200403-114 // NVD: CVE-2003-1006

CREDITS

Max rusmir@tula.net

Trust: 0.6

sources: CNNVD: CNNVD-200403-114

SOURCES

db:	CERT/CC	id:	VU#878526
db:	VULHUB	id:	VHN-7831
db:	BID	id:	9228
db:	CNNVD	id:	CNNVD-200403-114
db:	NVD	id:	CVE-2003-1006

LAST UPDATE DATE

2024-08-14T12:38:07.754000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#878526	date:	2004-03-15T00:00:00
db:	VULHUB	id:	VHN-7831	date:	2017-07-11T00:00:00
db:	BID	id:	9228	date:	2009-07-12T00:56:00
db:	CNNVD	id:	CNNVD-200403-114	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1006	date:	2017-07-11T01:29:39.620

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#878526	date:	2004-03-15T00:00:00
db:	VULHUB	id:	VHN-7831	date:	2004-03-29T00:00:00
db:	BID	id:	9228	date:	2003-12-15T00:00:00
db:	CNNVD	id:	CNNVD-200403-114	date:	2003-12-15T00:00:00
db:	NVD	id:	CVE-2003-1006	date:	2004-03-29T05:00:00