Details of VAR-200503-0052

ID

VAR-200503-0052

CVE

CVE-2005-0715

TITLE

Mac OS X Buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200503-122

DESCRIPTION

AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. It is reported that because of these insecure permissions local attackers may exploit race conditions. The CVE Mitre candidate ID CAN-2005-0712 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. Core Foundation is reported prone to a local buffer overflow vulnerability. It is reported that this issue may be exploited in any application that is linked against the Core Foundation Library. An attacker may exploit this vulnerability to execute arbitrary code with elevated privileges. The CVE Mitre candidate ID CAN-2005-0716 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The Bluetooth Setup Assistant application is reported prone to an unspecified security vulnerability. The CVE Mitre candidate ID CAN-2005-0713 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The AFP server is reported prone to an information disclosure vulnerability. An attacker may exploit this issue to disclose the contents of Drop Boxes. The CVE Mitre candidate ID CAN-2005-0715 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. This BID will be updated and split into unique BIDs as soon as further information is available. The issue arises because file permissions are not properly validated. A buffer overflow vulnerability exists in the Core Foundation libraries bundled with Mac OS X by default, which could allow an attacker to gain root user privileges. The vulnerability is caused by improper handling of the CF_CHARSET_PATH environment variable. If a string larger than 1024 characters is passed through this variable, it may cause a stack overflow, allowing the attacker to control the program flow by overwriting the return address of the function on the stack. Some vulnerable setuid root binaries include su, pppd, and login

Trust: 1.53

sources: NVD: CVE-2005-0715 // BID: 12863 // BID: 13237 // VULHUB: VHN-11924

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.6

sources: BID: 12863 // BID: 13237 // CNNVD: CNNVD-200503-122 // NVD: CVE-2005-0715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0715
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200503-122
value:	LOW
Trust: 0.6
VULHUB:	VHN-11924
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2005-0715
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11924
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11924 // CNNVD: CNNVD-200503-122 // NVD: CVE-2005-0715

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0715

THREAT TYPE

network

Trust: 0.6

sources: BID: 12863 // BID: 13237

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200503-122

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0715	Trust: 2.3
db:	CNNVD	id:	CNNVD-200503-122	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-03-21	Trust: 0.6
db:	BID	id:	13237	Trust: 0.4
db:	BID	id:	12863	Trust: 0.3
db:	VULHUB	id:	VHN-11924	Trust: 0.1

sources: VULHUB: VHN-11924 // BID: 12863 // BID: 13237 // CNNVD: CNNVD-200503-122 // NVD: CVE-2005-0715

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/mar/msg00000.html	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=301061	Trust: 0.3
url:	/archive/1/393858	Trust: 0.3

sources: VULHUB: VHN-11924 // BID: 12863 // CNNVD: CNNVD-200503-122 // NVD: CVE-2005-0715

CREDITS

Adriano Lima

Trust: 0.6

sources: CNNVD: CNNVD-200503-122

SOURCES

db:	VULHUB	id:	VHN-11924
db:	BID	id:	12863
db:	BID	id:	13237
db:	CNNVD	id:	CNNVD-200503-122
db:	NVD	id:	CVE-2005-0715

LAST UPDATE DATE

2024-08-14T12:34:18.198000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11924	date:	2008-09-05T00:00:00
db:	BID	id:	12863	date:	2009-07-12T10:56:00
db:	BID	id:	13237	date:	2009-07-12T14:06:00
db:	CNNVD	id:	CNNVD-200503-122	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0715	date:	2008-09-05T20:47:06.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11924	date:	2005-03-21T00:00:00
db:	BID	id:	12863	date:	2005-03-21T00:00:00
db:	BID	id:	13237	date:	2005-04-18T00:00:00
db:	CNNVD	id:	CNNVD-200503-122	date:	2005-03-21T00:00:00
db:	NVD	id:	CVE-2005-0715	date:	2005-03-21T05:00:00