Details of VAR-200505-0081

ID

VAR-200505-0081

CVE

CVE-2005-0712

TITLE

Mac OS X CF_CHARSET_PATH Environment Variable Handling Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-759

DESCRIPTION

Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. Insecure permissions are reported to be set on certain Apple Mac OS X folders . It is reported that because of these insecure permissions local attackers may exploit race conditions. The CVE Mitre candidate ID CAN-2005-0712 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. Core Foundation is reported prone to a local buffer overflow vulnerability. It is reported that this issue may be exploited in any application that is linked against the Core Foundation Library. An attacker may exploit this vulnerability to execute arbitrary code with elevated privileges. The CVE Mitre candidate ID CAN-2005-0716 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The Bluetooth Setup Assistant application is reported prone to an unspecified security vulnerability. The CVE Mitre candidate ID CAN-2005-0713 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The AFP server is reported prone to an information disclosure vulnerability. An attacker may exploit this issue to disclose the contents of Drop Boxes. The CVE Mitre candidate ID CAN-2005-0715 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. This BID will be updated and split into unique BIDs as soon as further information is available. The insecure permissions are on folders that contain the installer 'receipt cache' and 'system-level ColorSync profiles'. Mac OS X bundled by default in Core Foundation A buffer overflow vulnerability exists in the library that could allow an attacker to obtain root User rights

Trust: 1.53

sources: NVD: CVE-2005-0712 // BID: 12863 // BID: 13220 // VULHUB: VHN-11921

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.6

sources: BID: 12863 // BID: 13220 // CNNVD: CNNVD-200505-759 // NVD: CVE-2005-0712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0712
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200505-759
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11921
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-0712
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11921
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11921 // CNNVD: CNNVD-200505-759 // NVD: CVE-2005-0712

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0712

THREAT TYPE

local

Trust: 0.9

sources: BID: 13220 // CNNVD: CNNVD-200505-759

TYPE

Design Error

Trust: 0.9

sources: BID: 13220 // CNNVD: CNNVD-200505-759

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0712	Trust: 2.3
db:	CNNVD	id:	CNNVD-200505-759	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-03-21	Trust: 0.6
db:	BID	id:	13220	Trust: 0.4
db:	BID	id:	12863	Trust: 0.3
db:	VULHUB	id:	VHN-11921	Trust: 0.1

sources: VULHUB: VHN-11921 // BID: 12863 // BID: 13220 // CNNVD: CNNVD-200505-759 // NVD: CVE-2005-0712

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/mar/msg00000.html	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=301061	Trust: 0.3
url:	/archive/1/393858	Trust: 0.3

sources: VULHUB: VHN-11921 // BID: 12863 // CNNVD: CNNVD-200505-759 // NVD: CVE-2005-0712

CREDITS

Adriano Lima

Trust: 0.6

sources: CNNVD: CNNVD-200505-759

SOURCES

db:	VULHUB	id:	VHN-11921
db:	BID	id:	12863
db:	BID	id:	13220
db:	CNNVD	id:	CNNVD-200505-759
db:	NVD	id:	CVE-2005-0712

LAST UPDATE DATE

2024-08-14T12:08:35.408000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11921	date:	2008-09-10T00:00:00
db:	BID	id:	12863	date:	2009-07-12T10:56:00
db:	BID	id:	13220	date:	2009-07-12T14:06:00
db:	CNNVD	id:	CNNVD-200505-759	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0712	date:	2008-09-10T19:36:49.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11921	date:	2005-05-02T00:00:00
db:	BID	id:	12863	date:	2005-03-21T00:00:00
db:	BID	id:	13220	date:	2005-03-22T00:00:00
db:	CNNVD	id:	CNNVD-200505-759	date:	2005-03-22T00:00:00
db:	NVD	id:	CVE-2005-0712	date:	2005-05-02T04:00:00