Details of VAR-200501-0019

ID

VAR-200501-0019

CVE

CVE-2004-0921

TITLE

Apple MacOS AFP Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-285

DESCRIPTION

AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets. Multiple security vulnerabilities are reported in Mac OS X. A security update is available to address these issues and to provide other enhancements. The following issues are reported: Apple AFP server is reported prone to a remote denial of service vulnerability. A weak permissions vulnerability is reported to affect the AFP server. This may result in a false sense of security for an administrator. A vulnerability is reported to exist in the NetInfoManager utility. It is reported that the utility will, under certain circumstances, report the status of certain accounts as disabled when they are not. A heap-based buffer overrun is reported to exist in the QuickTime utility. An attacker may exploit this vulnerability to execute arbitrary instructions in the context of the user that is running the vulnerable software. Finally, ServerAdmin is reported prone to a weak default configuration vulnerability. This may result in ServerAdmin traffic being intercepted and decrypted by a remote attacker. This vulnerability has been split into BID 11344. Some of these issues may already be described in previous BIDs. This BID will be split up into unique BIDs when further analysis of this update is complete

Trust: 1.26

sources: NVD: CVE-2004-0921 // BID: 11322 // VULHUB: VHN-9351

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.0
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	6.5.2	Trust: 0.3

sources: BID: 11322 // CNNVD: CNNVD-200501-285 // NVD: CVE-2004-0921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0921
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200501-285
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9351
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0921
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9351
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9351 // CNNVD: CNNVD-200501-285 // NVD: CVE-2004-0921

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0921

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-285

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200501-285

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0921	Trust: 2.0
db:	BID	id:	11322	Trust: 2.0
db:	CNNVD	id:	CNNVD-200501-285	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-09-30	Trust: 0.6
db:	VULHUB	id:	VHN-9351	Trust: 0.1

sources: VULHUB: VHN-9351 // BID: 11322 // CNNVD: CNNVD-200501-285 // NVD: CVE-2004-0921

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2004/oct/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/11322	Trust: 1.7

sources: VULHUB: VHN-9351 // CNNVD: CNNVD-200501-285 // NVD: CVE-2004-0921

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200501-285

SOURCES

db:	VULHUB	id:	VHN-9351
db:	BID	id:	11322
db:	CNNVD	id:	CNNVD-200501-285
db:	NVD	id:	CVE-2004-0921

LAST UPDATE DATE

2024-08-14T12:06:24.328000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9351	date:	2008-09-05T00:00:00
db:	BID	id:	11322	date:	2009-07-12T07:06:00
db:	CNNVD	id:	CNNVD-200501-285	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0921	date:	2008-09-05T20:39:47.623

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9351	date:	2005-01-27T00:00:00
db:	BID	id:	11322	date:	2004-10-04T00:00:00
db:	CNNVD	id:	CNNVD-200501-285	date:	2004-10-04T00:00:00
db:	NVD	id:	CVE-2004-0921	date:	2005-01-27T05:00:00