ID

VAR-200403-0083


CVE

CVE-2003-1009


TITLE

Apple Mac OS X DHCP Response Root Privilege Access Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200403-133

DESCRIPTION

Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges. It has been reported that Apple Mac OS X may be prone to a vulnerability that may allow an attacker to gain root access to a vulnerable system via DHCP responses. Systems running Mac OS X are reported to attempt DHCP negotiation on all available interfaces. If a network is not found and the system uses wireless connectivity, it will attempt to connect to any network in order to obtain an address. The system will also attempt to connect to an LDAP or NetInfo server on the network by using DHCP-provided fields. The vulnerable host is reported to implicitly trust the server for correct information. It has also been reported that an attacker may set up a malicious server and thereby be able to log in to a vulnerable system using any login name and a user ID (uid) of 0 in response to DHCP lease requests. Mac OS X is an operating system used on Mac machines, based on the BSD system. The "Directory Access" default setting on systems affected by this vulnerability blindly uses and trusts the DHCP fields provided by these servers, and the system does not prevent logins by any account with uid 0. For example, if an LDAP or NetInfo server contains a user named "bluemeanie" with uid 0, the system will not check that login at the login window or through any network-provided service, such as SSH. In most cases, the Mac would need to boot into a malicious environment for the vulnerability to be exploited (the Netinfod process would have to be restarted to insert the malicious server into its list of authenticated resources).

Trust: 1.26

sources: NVD: CVE-2003-1009 // BID: 9110 // VULHUB: VHN-7834

AFFECTED PRODUCTS

vendor: apple // model: mac os x server // scope: eq // version: 10.2.6

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.3

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.2.5

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.2.4

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.2.2

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.3.1

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.2.3

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.3.2

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.2.8

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.2.7

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.0.3

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.1

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.3.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.0.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.8

Trust: 1.0

vendor: apple // model: mac os server // scope: eq // version: x10.3.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.8

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.7

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.6

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.5

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.4

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.8

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.0.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.0.2

Trust: 0.3

sources: BID: 9110 // CNNVD: CNNVD-200403-133 // NVD: CVE-2003-1009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1009
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200403-133
value: CRITICAL

Trust: 0.6

VULHUB: VHN-7834
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-1009
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7834
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7834 // CNNVD: CNNVD-200403-133 // NVD: CVE-2003-1009

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-133

TYPE

Configuration Error

Trust: 0.9

sources: BID: 9110 // CNNVD: CNNVD-200403-133

EXTERNAL IDS

db: BID // id: 9110

Trust: 2.0

db: NVD // id: CVE-2003-1009

Trust: 2.0

db: CNNVD // id: CNNVD-200403-133

Trust: 0.7

db: XF // id: 13874

Trust: 0.6

db: VULHUB // id: VHN-7834

Trust: 0.1

sources: VULHUB: VHN-7834 // BID: 9110 // CNNVD: CNNVD-200403-133 // NVD: CVE-2003-1009

REFERENCES

url:http://www.carrel.org/dhcp-vuln.html

Trust: 2.0

url:http://www.securityfocus.com/bid/9110

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=32478

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/13874

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/13874

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-7834 // BID: 9110 // CNNVD: CNNVD-200403-133 // NVD: CVE-2003-1009

CREDITS

William Carrel

Trust: 0.6

sources: CNNVD: CNNVD-200403-133

SOURCES

db: VULHUB // id: VHN-7834
db: BID // id: 9110
db: CNNVD // id: CNNVD-200403-133
db: NVD // id: CVE-2003-1009

LAST UPDATE DATE

2024-08-14T14:23:05.880000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-7834 // date: 2017-07-11T00:00:00
db: BID // id: 9110 // date: 2009-07-12T00:56:00
db: CNNVD // id: CNNVD-200403-133 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2003-1009 // date: 2017-07-11T01:29:39.777

SOURCES RELEASE DATE

db: VULHUB // id: VHN-7834 // date: 2004-03-29T00:00:00
db: BID // id: 9110 // date: 2003-11-26T00:00:00
db: CNNVD // id: CNNVD-200403-133 // date: 2003-11-26T00:00:00
db: NVD // id: CVE-2003-1009 // date: 2004-03-29T05:00:00