Details of VAR-200412-0026

ID

VAR-200412-0026

CVE

CVE-2004-0825

TITLE

Apple QuickTime Streaming Server vulnerable to DoS

Trust: 0.8

sources: CERT/CC: VU#914870

DESCRIPTION

QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations. There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. According to the report, remote clients can cause the process to deadlock by issuing a specific sequence of operations. This can render the service inoperable, resulting in a denial of service, until the server is restarted. Mac OS X is an operating system used on Mac machines, based on the BSD system. A reboot is required for normal operation

Trust: 3.42

sources: NVD: CVE-2004-0825 // CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // BID: 11138 // VULHUB: VHN-9255

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // BID: 11138 // CNNVD: CNNVD-200412-563 // NVD: CVE-2004-0825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0825
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#914870
value:	1.73
Trust: 0.8
CARNEGIE MELLON:	VU#545446
value:	9.62
Trust: 0.8
CARNEGIE MELLON:	VU#704110
value:	5.91
Trust: 0.8
CNNVD:	CNNVD-200412-563
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-9255
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0825
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9255
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // VULHUB: VHN-9255 // CNNVD: CNNVD-200412-563 // NVD: CVE-2004-0825

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-563

TYPE

Unknown

Trust: 0.9

sources: BID: 11138 // CNNVD: CNNVD-200412-563

EXTERNAL IDS

db:	SECUNIA	id:	12491	Trust: 4.1
db:	BID	id:	11138	Trust: 2.8
db:	SECTRACK	id:	1011176	Trust: 2.5
db:	CERT/CC	id:	VU#914870	Trust: 2.5
db:	NVD	id:	CVE-2004-0825	Trust: 2.0
db:	SECTRACK	id:	1011174	Trust: 1.6
db:	CERT/CC	id:	VU#545446	Trust: 0.8
db:	CERT/CC	id:	VU#704110	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-563	Trust: 0.7
db:	XF	id:	17294	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2004-09-07	Trust: 0.6
db:	CIAC	id:	O-212	Trust: 0.6
db:	BUGTRAQ	id:	20040908 RE: APPLE, APPLE REMOTE DESKTOP CLIENT [MULTIPLE VULNERABILITIES]	Trust: 0.6
db:	NSFOCUS	id:	6888	Trust: 0.6
db:	VULHUB	id:	VHN-9255	Trust: 0.1

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // VULHUB: VHN-9255 // BID: 11138 // CNNVD: CNNVD-200412-563 // NVD: CVE-2004-0825

REFERENCES

url:	http://www.securityfocus.com/bid/11138	Trust: 2.5
url:	http://docs.info.apple.com/article.html?artnum=61798	Trust: 2.4
url:	http://secunia.com/advisories/12491/	Trust: 2.4
url:	http://www.securityfocus.com/advisories/7148	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/914870	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/o-212.shtml	Trust: 1.7
url:	http://securitytracker.com/id?1011176	Trust: 1.7
url:	http://secunia.com/advisories/12491	Trust: 1.7
url:	http://developer.apple.com/documentation/macosx/conceptual/systemoverview/systemarchitecture/chapter_3_section_7.html	Trust: 1.6
url:	http://www.securitytracker.com/alerts/2004/sep/1011174.html	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17294	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109467471617466&w=2	Trust: 1.0
url:	http://www.securitytracker.com/alerts/2004/sep/1011176.html	Trust: 0.8
url:	http://developer.apple.com/documentation/corefoundation/reference/cfpluginref/reference/introduction.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/17294	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109467471617466&w=2	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6888	Trust: 0.6
url:	http://marc.info/?l=bugtraq&m=109467471617466&w=2	Trust: 0.1

sources: CERT/CC: VU#914870 // CERT/CC: VU#545446 // CERT/CC: VU#704110 // VULHUB: VHN-9255 // CNNVD: CNNVD-200412-563 // NVD: CVE-2004-0825

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200412-563

SOURCES

db:	CERT/CC	id:	VU#914870
db:	CERT/CC	id:	VU#545446
db:	CERT/CC	id:	VU#704110
db:	VULHUB	id:	VHN-9255
db:	BID	id:	11138
db:	CNNVD	id:	CNNVD-200412-563
db:	NVD	id:	CVE-2004-0825

LAST UPDATE DATE

2024-08-14T12:16:40.804000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#914870	date:	2004-09-15T00:00:00
db:	CERT/CC	id:	VU#545446	date:	2004-09-29T00:00:00
db:	CERT/CC	id:	VU#704110	date:	2004-09-09T00:00:00
db:	VULHUB	id:	VHN-9255	date:	2017-07-11T00:00:00
db:	BID	id:	11138	date:	2009-07-12T07:06:00
db:	CNNVD	id:	CNNVD-200412-563	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0825	date:	2017-07-11T01:30:30.510

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#914870	date:	2004-09-13T00:00:00
db:	CERT/CC	id:	VU#545446	date:	2004-09-09T00:00:00
db:	CERT/CC	id:	VU#704110	date:	2004-09-09T00:00:00
db:	VULHUB	id:	VHN-9255	date:	2004-12-31T00:00:00
db:	BID	id:	11138	date:	2004-09-07T00:00:00
db:	CNNVD	id:	CNNVD-200412-563	date:	2004-09-08T00:00:00
db:	NVD	id:	CVE-2004-0825	date:	2004-12-31T05:00:00