Sign-up

ID

VAR-200501-0323


CVE

CVE-2005-0193


TITLE

Apple MacOS iSync mRouter Cache overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-265

DESCRIPTION

Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. iSync's 'mRouter' binary is reportedly susceptible to a local command line argument buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into an insufficiently sized memory buffer. The 'mRouter' binary is installed by default with setuid superuser permissions. This vulnerability allows users with local interactive access to a computer with the affected application installed to gain superuser privileges. Apple Mac OS X is a dedicated operating system developed by Apple for Mac computers. A local user could exploit this vulnerability to execute arbitrary code

Trust: 1.26

sources: NVD: CVE-2005-0193 // BID: 12334 // VULHUB: VHN-11402

AFFECTED PRODUCTS

vendor:isyncmodel:mrouterscope:eqversion:1.5

Trust: 1.6

vendor:applemodel:isyncscope:eqversion:1.5

Trust: 0.3

sources: BID: 12334 // CNNVD: CNNVD-200501-265 // NVD: CVE-2005-0193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0193
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200501-265
value: HIGH

Trust: 0.6

VULHUB: VHN-11402
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-0193
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11402
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11402 // CNNVD: CNNVD-200501-265 // NVD: CVE-2005-0193

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0193

THREAT TYPE

local

Trust: 0.9

sources: BID: 12334 // CNNVD: CNNVD-200501-265

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200501-265

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-11402

EXTERNAL IDS
db:NVDid:CVE-2005-0193
Trust: 2.0
db:BIDid:12334
Trust: 2.0
db:SECUNIAid:13965
Trust: 1.7
db:SECTRACKid:1012974
Trust: 1.7
db:CNNVDid:CNNVD-200501-265
Trust: 0.7
db:APPLEid:APPLE-SA-2005-04-19
Trust: 0.6
db:XFid:19011
Trust: 0.6
db:BUGTRAQid:20050122 MAC OS X 10.3 ISYNC PRIVILEGE ESCALATION
Trust: 0.6
db:EXPLOIT-DBid:766
Trust: 0.1
db:SEEBUGid:SSVID-62978
Trust: 0.1
db:VULHUBid:VHN-11402
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11402 // 
            
            
            
            BID: 12334 // 
            
            
            
            CNNVD: CNNVD-200501-265 // 
            
            
            
            NVD: CVE-2005-0193

REFERENCES
url:http://lists.apple.com/archives/security-announce/2005/apr/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/12334
Trust: 1.7
url:http://securitytracker.com/id?1012974
Trust: 1.7
url:http://secunia.com/advisories/13965
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19011
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=110642400018425&w=2
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/19011
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=110642400018425&w=2
Trust: 0.6
url:http://www.apple.com/isync/
Trust: 0.3
url:/archive/1/387985
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=110642400018425&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11402 // 
            
            
            
            BID: 12334 // 
            
            
            
            CNNVD: CNNVD-200501-265 // 
            
            
            
            NVD: CVE-2005-0193

CREDITS
Braden Thomas※ bjthomas@usc.edu
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200501-265

SOURCES
db:VULHUBid:VHN-11402
db:BIDid:12334
db:CNNVDid:CNNVD-200501-265
db:NVDid:CVE-2005-0193

LAST UPDATE DATE
2024-08-14T14:48:05.148000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-11402date:2017-07-11T00:00:00
db:BIDid:12334date:2009-07-12T10:06:00
db:CNNVDid:CNNVD-200501-265date:2005-10-20T00:00:00
db:NVDid:CVE-2005-0193date:2017-07-11T01:32:08.140

SOURCES RELEASE DATE
db:VULHUBid:VHN-11402date:2005-01-22T00:00:00
db:BIDid:12334date:2005-01-22T00:00:00
db:CNNVDid:CNNVD-200501-265date:2005-01-22T00:00:00
db:NVDid:CVE-2005-0193date:2005-01-22T05:00:00