Details of VAR-200412-0024

ID

VAR-200412-0024

CVE

CVE-2004-0821

TITLE

Apple QuickTime Streaming Server vulnerable to DoS

Trust: 0.8

sources: CERT/CC: VU#914870

DESCRIPTION

The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges. There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. It is reported that bundles using CoreFoundation can be made to automatically load plug-in executables using the CFPlugIn feature. This is a security vulnerability allowing for local privilege escalation as malicious executable plug-ins can be loaded by a privileged application. At this time, it is not clear whether the application targeted must be in the form of a bundle or if the attacker can perform the attack against any privileged application with a custom bundle. Users are advised to apply the patch provided by Apple, which changes the feature to prevent loading of plug-ins automatically if an executable is already loaded. Mac OS X is an operating system used on Mac machines, based on the BSD system. Apple Mac OS X CoreFoundation has library loading processing issues and buffer overflows. Local attackers can exploit this vulnerability to obtain ROOT privileges. Apple reports that local users can use the CoreFoundation CFPlugIn application to load any user-provided library to obtain ROOT privileges [CVE: CAN -2004-0821]. In addition, local users can modify some environment variables to trigger buffer overflow in CoreFoundation, and can execute arbitrary commands with ROOT process privileges [CVE: CAN-2004-0822]

Trust: 3.42

sources: NVD: CVE-2004-0821 // CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // BID: 11135 // VULHUB: VHN-9251

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // BID: 11135 // CNNVD: CNNVD-200412-949 // NVD: CVE-2004-0821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0821
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#914870
value:	1.73
Trust: 0.8
CARNEGIE MELLON:	VU#545446
value:	9.62
Trust: 0.8
CARNEGIE MELLON:	VU#704110
value:	5.91
Trust: 0.8
CNNVD:	CNNVD-200412-949
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9251
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0821
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9251
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // VULHUB: VHN-9251 // CNNVD: CNNVD-200412-949 // NVD: CVE-2004-0821

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0821

THREAT TYPE

local

Trust: 0.9

sources: BID: 11135 // CNNVD: CNNVD-200412-949

TYPE

Design Error

Trust: 0.9

sources: BID: 11135 // CNNVD: CNNVD-200412-949

EXTERNAL IDS

db:	SECUNIA	id:	12491	Trust: 4.1
db:	CERT/CC	id:	VU#704110	Trust: 2.5
db:	NVD	id:	CVE-2004-0821	Trust: 2.0
db:	BID	id:	11135	Trust: 2.0
db:	AUSCERT	id:	ESB-2004.0559	Trust: 1.7
db:	SECTRACK	id:	1011174	Trust: 1.6
db:	BID	id:	11138	Trust: 0.8
db:	SECTRACK	id:	1011176	Trust: 0.8
db:	CERT/CC	id:	VU#914870	Trust: 0.8
db:	CERT/CC	id:	VU#545446	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-949	Trust: 0.7
db:	APPLE	id:	APPLE-SA-0024-09-07	Trust: 0.6
db:	CIAC	id:	O-212	Trust: 0.6
db:	XF	id:	17291	Trust: 0.6
db:	NSFOCUS	id:	6884	Trust: 0.6
db:	VULHUB	id:	VHN-9251	Trust: 0.1

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // VULHUB: VHN-9251 // BID: 11135 // CNNVD: CNNVD-200412-949 // NVD: CVE-2004-0821

REFERENCES

url:	http://secunia.com/advisories/12491/	Trust: 4.1
url:	http://docs.info.apple.com/article.html?artnum=61798	Trust: 2.4
url:	http://www.auscert.org.au/render.html?it=4363	Trust: 1.7
url:	http://www.securityfocus.com/bid/11135	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/704110	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/o-212.shtml	Trust: 1.7
url:	http://developer.apple.com/documentation/macosx/conceptual/systemoverview/systemarchitecture/chapter_3_section_7.html	Trust: 1.6
url:	http://www.securitytracker.com/alerts/2004/sep/1011174.html	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17291	Trust: 1.1
url:	http://www.securitytracker.com/alerts/2004/sep/1011176.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/11138	Trust: 0.8
url:	http://developer.apple.com/documentation/corefoundation/reference/cfpluginref/reference/introduction.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/17291	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6884	Trust: 0.6

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // VULHUB: VHN-9251 // CNNVD: CNNVD-200412-949 // NVD: CVE-2004-0821

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200412-949

SOURCES

db:	CERT/CC	id:	VU#914870
db:	CERT/CC	id:	VU#545446
db:	CERT/CC	id:	VU#704110
db:	VULHUB	id:	VHN-9251
db:	BID	id:	11135
db:	CNNVD	id:	CNNVD-200412-949
db:	NVD	id:	CVE-2004-0821

LAST UPDATE DATE

2024-08-14T12:40:54.579000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#914870	date:	2004-09-15T00:00:00
db:	CERT/CC	id:	VU#545446	date:	2004-09-29T00:00:00
db:	CERT/CC	id:	VU#704110	date:	2004-09-09T00:00:00
db:	VULHUB	id:	VHN-9251	date:	2017-07-11T00:00:00
db:	BID	id:	11135	date:	2009-07-12T07:06:00
db:	CNNVD	id:	CNNVD-200412-949	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0821	date:	2017-07-11T01:30:30.277

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#914870	date:	2004-09-13T00:00:00
db:	CERT/CC	id:	VU#545446	date:	2004-09-09T00:00:00
db:	CERT/CC	id:	VU#704110	date:	2004-09-09T00:00:00
db:	VULHUB	id:	VHN-9251	date:	2004-12-31T00:00:00
db:	BID	id:	11135	date:	2004-09-07T00:00:00
db:	CNNVD	id:	CNNVD-200412-949	date:	2004-09-07T00:00:00
db:	NVD	id:	CVE-2004-0821	date:	2004-12-31T05:00:00