Details of VAR-200505-0351

ID

VAR-200505-0351

CVE

CVE-2005-1332

TITLE

Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users

Trust: 0.8

sources: CERT/CC: VU#258390

DESCRIPTION

Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory. An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Due to the availability of more information, this issue is being assigned a new BID. Apple has supported Bluetooth devices since Mac OSX 10.2

Trust: 4.86

sources: NVD: CVE-2005-1332 // CERT/CC: VU#258390 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // BID: 13494 // VULHUB: VHN-12541

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 4.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.9	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.9	Trust: 1.6
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3

sources: CERT/CC: VU#258390 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // BID: 13494 // CNNVD: CNNVD-200505-899 // NVD: CVE-2005-1332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1332
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#258390
value:	2.03
Trust: 0.8
CARNEGIE MELLON:	VU#356070
value:	22.31
Trust: 0.8
CARNEGIE MELLON:	VU#539110
value:	5.04
Trust: 0.8
CARNEGIE MELLON:	VU#706838
value:	9.38
Trust: 0.8
CARNEGIE MELLON:	VU#331694
value:	15.94
Trust: 0.8
CNNVD:	CNNVD-200505-899
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12541
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-1332
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12541
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#258390 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // VULHUB: VHN-12541 // CNNVD: CNNVD-200505-899 // NVD: CVE-2005-1332

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-899

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200505-899

EXTERNAL IDS

db:	SECUNIA	id:	15227	Trust: 4.0
db:	CERT/CC	id:	VU#258390	Trust: 2.5
db:	NVD	id:	CVE-2005-1332	Trust: 2.0
db:	USCERT	id:	TA05-136A	Trust: 1.7
db:	OSVDB	id:	16084	Trust: 0.8
db:	BID	id:	13502	Trust: 0.8
db:	CERT/CC	id:	VU#356070	Trust: 0.8
db:	SECTRACK	id:	1012651	Trust: 0.8
db:	SECUNIA	id:	13607	Trust: 0.8
db:	CERT/CC	id:	VU#539110	Trust: 0.8
db:	OSVDB	id:	16085	Trust: 0.8
db:	SECTRACK	id:	1013887	Trust: 0.8
db:	CERT/CC	id:	VU#706838	Trust: 0.8
db:	OSVDB	id:	16075	Trust: 0.8
db:	XF	id:	20376	Trust: 0.8
db:	CERT/CC	id:	VU#331694	Trust: 0.8
db:	CNNVD	id:	CNNVD-200505-899	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-05-03	Trust: 0.6
db:	CERT/CC	id:	TA05-136A	Trust: 0.6
db:	BID	id:	13494	Trust: 0.4
db:	VULHUB	id:	VHN-12541	Trust: 0.1

sources: CERT/CC: VU#258390 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // CERT/CC: VU#706838 // CERT/CC: VU#331694 // VULHUB: VHN-12541 // BID: 13494 // CNNVD: CNNVD-200505-899 // NVD: CVE-2005-1332

REFERENCES

url:	http://secunia.com/advisories/15227/	Trust: 4.0
url:	http://docs.info.apple.com/article.html?artnum=301528	Trust: 3.2
url:	http://www.digitalmunition.com/dma%5b2005-0502a%5d.txt	Trust: 2.8
url:	http://lists.apple.com/archives/security-announce/2005/may/msg00001.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta05-136a.html	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/258390	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=301381	Trust: 1.7
url:	http://remahl.se/david/vuln/011/	Trust: 0.8
url:	http://www.securityfocus.com/bid/13502/	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=16084	Trust: 0.8
url:	http://securitytracker.com/alerts/2004/dec/1012651.html	Trust: 0.8
url:	http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities	Trust: 0.8
url:	http://secunia.com/advisories/13607/	Trust: 0.8
url:	http://www.idefense.com/application/poi/display?id=240&type=vulnerabilities	Trust: 0.8
url:	http://www.securityfocus.org/bid/13488	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2005/may/1013887.html	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=16085	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/20376	Trust: 0.8
url:	http://www.apple.com/server/macosx/	Trust: 0.8
url:	http://www.osvdb.org/16075	Trust: 0.8

CREDITS

Kevin Finisterre※ dotslash@snosoft.com

Trust: 0.6

sources: CNNVD: CNNVD-200505-899

SOURCES

db:	CERT/CC	id:	VU#258390
db:	CERT/CC	id:	VU#356070
db:	CERT/CC	id:	VU#539110
db:	CERT/CC	id:	VU#706838
db:	CERT/CC	id:	VU#331694
db:	VULHUB	id:	VHN-12541
db:	BID	id:	13494
db:	CNNVD	id:	CNNVD-200505-899
db:	NVD	id:	CVE-2005-1332

LAST UPDATE DATE

2025-02-04T19:36:54.555000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#258390	date:	2005-05-16T00:00:00
db:	CERT/CC	id:	VU#356070	date:	2005-05-16T00:00:00
db:	CERT/CC	id:	VU#539110	date:	2005-08-23T00:00:00
db:	CERT/CC	id:	VU#706838	date:	2005-05-24T00:00:00
db:	CERT/CC	id:	VU#331694	date:	2005-05-25T00:00:00
db:	VULHUB	id:	VHN-12541	date:	2008-09-05T00:00:00
db:	BID	id:	13494	date:	2009-07-12T14:06:00
db:	CNNVD	id:	CNNVD-200505-899	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1332	date:	2024-11-20T23:57:06.427

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#258390	date:	2005-05-09T00:00:00
db:	CERT/CC	id:	VU#356070	date:	2005-05-06T00:00:00
db:	CERT/CC	id:	VU#539110	date:	2005-01-20T00:00:00
db:	CERT/CC	id:	VU#706838	date:	2005-05-16T00:00:00
db:	CERT/CC	id:	VU#331694	date:	2005-05-16T00:00:00
db:	VULHUB	id:	VHN-12541	date:	2005-05-04T00:00:00
db:	BID	id:	13494	date:	2005-05-04T00:00:00
db:	CNNVD	id:	CNNVD-200505-899	date:	2005-05-04T00:00:00
db:	NVD	id:	CVE-2005-1332	date:	2005-05-04T04:00:00