Sign-up

ID

VAR-200505-0193


CVE

CVE-2005-0594


TITLE

Apple Mac OS X Server NetInfo Setup Tool fails to validate command line parameters

Trust: 0.8

sources: CERT/CC: VU#354486

DESCRIPTION

Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. The vulnerability presents itself when the application handles excessive string values through a command line parameter. An attacker can gain superuser privileges by exploiting this issue. Due to the availability of more information, this issue is being assinged a new BID. Netinfo Setup Tool (NeST) is a SUID tool

Trust: 4.86

sources: NVD: CVE-2005-0594 // CERT/CC: VU#354486 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // BID: 13486 // VULHUB: VHN-11803

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 4.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.9

Trust: 1.6

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

sources: CERT/CC: VU#354486 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // BID: 13486 // CNNVD: CNNVD-200505-898 // NVD: CVE-2005-0594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0594
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#354486
value: 10.69

Trust: 0.8

CARNEGIE MELLON: VU#356070
value: 22.31

Trust: 0.8

CARNEGIE MELLON: VU#539110
value: 5.04

Trust: 0.8

CARNEGIE MELLON: VU#706838
value: 9.38

Trust: 0.8

CARNEGIE MELLON: VU#331694
value: 15.94

Trust: 0.8

CNNVD: CNNVD-200505-898
value: HIGH

Trust: 0.6

VULHUB: VHN-11803
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-0594
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11803
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#354486 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // VULHUB: VHN-11803 // CNNVD: CNNVD-200505-898 // NVD: CVE-2005-0594

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0594

THREAT TYPE

local

Trust: 0.9

sources: BID: 13486 // CNNVD: CNNVD-200505-898

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200505-898

EXTERNAL IDS

db:SECUNIAid:15227

Trust: 4.0

db:CERT/CCid:VU#354486

Trust: 2.5

db:NVDid:CVE-2005-0594

Trust: 2.0

db:USCERTid:TA05-136A

Trust: 1.7

db:OSVDBid:16084

Trust: 0.8

db:BIDid:13502

Trust: 0.8

db:CERT/CCid:VU#356070

Trust: 0.8

db:SECTRACKid:1012651

Trust: 0.8

db:SECUNIAid:13607

Trust: 0.8

db:CERT/CCid:VU#539110

Trust: 0.8

db:OSVDBid:16085

Trust: 0.8

db:SECTRACKid:1013887

Trust: 0.8

db:CERT/CCid:VU#706838

Trust: 0.8

db:OSVDBid:16075

Trust: 0.8

db:XFid:20376

Trust: 0.8

db:CERT/CCid:VU#331694

Trust: 0.8

db:CNNVDid:CNNVD-200505-898

Trust: 0.7

db:APPLEid:APPLE-SA-2005-05-03

Trust: 0.6

db:CERT/CCid:TA05-136A

Trust: 0.6

db:BIDid:13486

Trust: 0.4

db:VULHUBid:VHN-11803

Trust: 0.1

sources: CERT/CC: VU#354486 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // VULHUB: VHN-11803 // BID: 13486 // CNNVD: CNNVD-200505-898 // NVD: CVE-2005-0594

REFERENCES

url:http://secunia.com/advisories/15227/

Trust: 4.0

url:http://docs.info.apple.com/article.html?artnum=301528

Trust: 3.2

url:http://lists.apple.com/archives/security-announce/2005/may/msg00001.html

Trust: 1.7

url:http://www.us-cert.gov/cas/techalerts/ta05-136a.html

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/354486

Trust: 1.7

url:http://www.idefense.com/application/poi/display?id=239

Trust: 0.8

url:http://remahl.se/david/vuln/011/

Trust: 0.8

url:http://www.securityfocus.com/bid/13502/

Trust: 0.8

url:http://www.osvdb.org/displayvuln.php?osvdb_id=16084

Trust: 0.8

url:http://securitytracker.com/alerts/2004/dec/1012651.html

Trust: 0.8

url:http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities

Trust: 0.8

url:http://secunia.com/advisories/13607/

Trust: 0.8

url:http://www.idefense.com/application/poi/display?id=240&type=vulnerabilities

Trust: 0.8

url:http://www.securityfocus.org/bid/13488

Trust: 0.8

url:http://www.securitytracker.com/alerts/2005/may/1013887.html

Trust: 0.8

url:http://www.osvdb.org/displayvuln.php?osvdb_id=16085

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/20376

Trust: 0.8

url:http://www.apple.com/server/macosx/

Trust: 0.8

url:http://www.osvdb.org/16075

Trust: 0.8

url:http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities&id=239

Trust: 0.3

url:http://www.apple.com

Trust: 0.3

sources: CERT/CC: VU#354486 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // VULHUB: VHN-11803 // BID: 13486 // CNNVD: CNNVD-200505-898 // NVD: CVE-2005-0594

CREDITS

Nico

Trust: 0.6

sources: CNNVD: CNNVD-200505-898

SOURCES

db:CERT/CCid:VU#354486
db:CERT/CCid:VU#356070
db:CERT/CCid:VU#539110
db:CERT/CCid:VU#706838
db:CERT/CCid:VU#331694
db:VULHUBid:VHN-11803
db:BIDid:13486
db:CNNVDid:CNNVD-200505-898
db:NVDid:CVE-2005-0594

LAST UPDATE DATE

2024-11-23T20:39:57.013000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#354486date:2005-05-17T00:00:00
db:CERT/CCid:VU#356070date:2005-05-16T00:00:00
db:CERT/CCid:VU#539110date:2005-08-23T00:00:00
db:CERT/CCid:VU#706838date:2005-05-24T00:00:00
db:CERT/CCid:VU#331694date:2005-05-25T00:00:00
db:VULHUBid:VHN-11803date:2008-09-05T00:00:00
db:BIDid:13486date:2009-07-12T14:06:00
db:CNNVDid:CNNVD-200505-898date:2005-10-20T00:00:00
db:NVDid:CVE-2005-0594date:2024-11-20T23:55:28.627

SOURCES RELEASE DATE

db:CERT/CCid:VU#354486date:2005-05-16T00:00:00
db:CERT/CCid:VU#356070date:2005-05-06T00:00:00
db:CERT/CCid:VU#539110date:2005-01-20T00:00:00
db:CERT/CCid:VU#706838date:2005-05-16T00:00:00
db:CERT/CCid:VU#331694date:2005-05-16T00:00:00
db:VULHUBid:VHN-11803date:2005-05-04T00:00:00
db:BIDid:13486date:2005-05-03T00:00:00
db:CNNVDid:CNNVD-200505-898date:2005-05-04T00:00:00
db:NVDid:CVE-2005-0594date:2005-05-04T04:00:00