Details of VAR-200503-0051

ID

VAR-200503-0051

CVE

CVE-2005-0713

TITLE

Mac OS X CF_CHARSET_PATH Environment Variable Handling Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200503-123

DESCRIPTION

The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. Insecure permissions are reported to be set on certain Apple Mac OS X folders . It is reported that because of these insecure permissions local attackers may exploit race conditions. The CVE Mitre candidate ID CAN-2005-0712 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. Core Foundation is reported prone to a local buffer overflow vulnerability. It is reported that this issue may be exploited in any application that is linked against the Core Foundation Library. An attacker may exploit this vulnerability to execute arbitrary code with elevated privileges. The CVE Mitre candidate ID CAN-2005-0716 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The Bluetooth Setup Assistant application is reported prone to an unspecified security vulnerability. The CVE Mitre candidate ID CAN-2005-0713 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The AFP server is reported prone to an information disclosure vulnerability. An attacker may exploit this issue to disclose the contents of Drop Boxes. The CVE Mitre candidate ID CAN-2005-0715 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. This BID will be updated and split into unique BIDs as soon as further information is available. Exploitation could allow an attacker to bypass local security settings. The vulnerability is caused by improper handling of the CF_CHARSET_PATH environment variable. If a string larger than 1024 characters is passed through this variable, it may cause a stack overflow, allowing the attacker to control the program flow by overwriting the return address of the function on the stack. Some vulnerable setuid root binaries include su, pppd, and login

Trust: 1.53

sources: NVD: CVE-2005-0713 // BID: 12863 // BID: 13226 // VULHUB: VHN-11922

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.6

sources: BID: 12863 // BID: 13226 // CNNVD: CNNVD-200503-123 // NVD: CVE-2005-0713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0713
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200503-123
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11922
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-0713
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11922
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11922 // CNNVD: CNNVD-200503-123 // NVD: CVE-2005-0713

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0713

THREAT TYPE

local

Trust: 0.9

sources: BID: 13226 // CNNVD: CNNVD-200503-123

TYPE

Unknown

Trust: 0.6

sources: BID: 12863 // BID: 13226

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-11922

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0713	Trust: 2.3
db:	CNNVD	id:	CNNVD-200503-123	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-03-21	Trust: 0.6
db:	BID	id:	13226	Trust: 0.4
db:	BID	id:	12863	Trust: 0.3
db:	SEEBUG	id:	SSVID-78922	Trust: 0.1
db:	EXPLOIT-DB	id:	25256	Trust: 0.1
db:	VULHUB	id:	VHN-11922	Trust: 0.1

sources: VULHUB: VHN-11922 // BID: 12863 // BID: 13226 // CNNVD: CNNVD-200503-123 // NVD: CVE-2005-0713

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/mar/msg00000.html	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=301061	Trust: 0.3
url:	/archive/1/393858	Trust: 0.3

sources: VULHUB: VHN-11922 // BID: 12863 // CNNVD: CNNVD-200503-123 // NVD: CVE-2005-0713

CREDITS

Adriano Lima

Trust: 0.6

sources: CNNVD: CNNVD-200503-123

SOURCES

db:	VULHUB	id:	VHN-11922
db:	BID	id:	12863
db:	BID	id:	13226
db:	CNNVD	id:	CNNVD-200503-123
db:	NVD	id:	CVE-2005-0713

LAST UPDATE DATE

2024-08-14T12:39:54.135000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11922	date:	2008-09-05T00:00:00
db:	BID	id:	12863	date:	2009-07-12T10:56:00
db:	BID	id:	13226	date:	2009-07-12T14:06:00
db:	CNNVD	id:	CNNVD-200503-123	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0713	date:	2008-09-05T20:47:06.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11922	date:	2005-03-21T00:00:00
db:	BID	id:	12863	date:	2005-03-21T00:00:00
db:	BID	id:	13226	date:	2005-03-22T00:00:00
db:	CNNVD	id:	CNNVD-200503-123	date:	2005-03-21T00:00:00
db:	NVD	id:	CVE-2005-0713	date:	2005-03-21T05:00:00