Sign-up

ID

VAR-200412-0100


CVE

CVE-2004-0429


TITLE

Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests

Trust: 0.8

sources: CERT/CC: VU#648406

DESCRIPTION

Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. There is a buffer overflow vulnerability in the way Apple's AppleFileServer handles certain authentication requests. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code. Attackers can use unknown attack vectors to cause unknown effects

Trust: 2.7

sources: NVD: CVE-2004-0429 // CERT/CC: VU#648406 // JVNDB: JVNDB-2004-000933 // BID: 82644 // VULHUB: VHN-8859

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.2.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3.3

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.3.3

Trust: 0.8

vendor:アップルmodel:apple mac os xscope:eqversion:10.2.8

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

sources: CERT/CC: VU#648406 // BID: 82644 // JVNDB: JVNDB-2004-000933 // CNNVD: CNNVD-200412-596 // NVD: CVE-2004-0429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0429
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#648406
value: 27.42

Trust: 0.8

NVD: CVE-2004-0429
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200412-596
value: CRITICAL

Trust: 0.6

VULHUB: VHN-8859
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0429
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8859
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#648406 // VULHUB: VHN-8859 // JVNDB: JVNDB-2004-000933 // CNNVD: CNNVD-200412-596 // NVD: CVE-2004-0429

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000933 // NVD: CVE-2004-0429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-596

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200412-596

PATCH

title:lists.apple.com (msg00000)url:http://lists.apple.com/archives/security-announce/2004/May/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000933

EXTERNAL IDS

db:NVDid:CVE-2004-0429

Trust: 3.6

db:SECUNIAid:11539

Trust: 3.3

db:SECTRACKid:1010045

Trust: 2.5

db:AUSCERTid:ESB-2004.0314

Trust: 2.0

db:XFid:16053

Trust: 0.9

db:SECTRACKid:1010039

Trust: 0.8

db:CERT/CCid:VU#648406

Trust: 0.8

db:JVNDBid:JVNDB-2004-000933

Trust: 0.8

db:CNNVDid:CNNVD-200412-596

Trust: 0.7

db:BUGTRAQid:20040503 [PRODUCT-SECURITY@APPLE.COM: APPLE-SA-2004-05-03 SECURITY UPDATE 2004-05-03]

Trust: 0.6

db:APPLEid:APPLE-SA-2004-05-03

Trust: 0.6

db:CIACid:O-138

Trust: 0.6

db:BIDid:82644

Trust: 0.4

db:VULHUBid:VHN-8859

Trust: 0.1

sources: CERT/CC: VU#648406 // VULHUB: VHN-8859 // BID: 82644 // JVNDB: JVNDB-2004-000933 // CNNVD: CNNVD-200412-596 // NVD: CVE-2004-0429

REFERENCES

url:http://secunia.com/advisories/11539/

Trust: 3.3

url:http://www.ciac.org/ciac/bulletins/o-138.shtml

Trust: 2.5

url:http://securitytracker.com/id?1010045

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2004/may/msg00000.html

Trust: 2.0

url:http://www.auscert.org.au/render.html?it=4070

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16053

Trust: 1.9

url:http://marc.info/?l=bugtraq&m=108369640424244&w=2

Trust: 1.8

url:http://xforce.iss.net/xforce/xfdb/16053

Trust: 0.9

url:http://www.atstake.com/research/advisories/2004/a050304-1.txt

Trust: 0.8

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 0.8

url:http://www.securiteam.com/securitynews/5qp0115cuo.html

Trust: 0.8

url:http://www.securitytracker.com/alerts/2004/may/1010039.html2

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2004-0429

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2

Trust: 0.6

url:https://www.apple.com/osx/

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108369640424244&w=2

Trust: 0.1

sources: CERT/CC: VU#648406 // VULHUB: VHN-8859 // BID: 82644 // JVNDB: JVNDB-2004-000933 // CNNVD: CNNVD-200412-596 // NVD: CVE-2004-0429

CREDITS

Unknown

Trust: 0.3

sources: BID: 82644

SOURCES

db:CERT/CCid:VU#648406
db:VULHUBid:VHN-8859
db:BIDid:82644
db:JVNDBid:JVNDB-2004-000933
db:CNNVDid:CNNVD-200412-596
db:NVDid:CVE-2004-0429

LAST UPDATE DATE

2024-08-14T12:28:49.227000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#648406date:2004-05-07T00:00:00
db:VULHUBid:VHN-8859date:2017-07-11T00:00:00
db:BIDid:82644date:2004-12-31T00:00:00
db:JVNDBid:JVNDB-2004-000933date:2024-06-07T08:59:00
db:CNNVDid:CNNVD-200412-596date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0429date:2017-07-11T01:30:09.417

SOURCES RELEASE DATE

db:CERT/CCid:VU#648406date:2004-05-07T00:00:00
db:VULHUBid:VHN-8859date:2004-12-31T00:00:00
db:BIDid:82644date:2004-12-31T00:00:00
db:JVNDBid:JVNDB-2004-000933date:2024-06-07T00:00:00
db:CNNVDid:CNNVD-200412-596date:2004-12-31T00:00:00
db:NVDid:CVE-2004-0429date:2004-12-31T05:00:00