ID

VAR-200505-0359


CVE

CVE-2005-1341


TITLE

Apple Mac OS X AppleScript Editor code confusing vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-902

DESCRIPTION

Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. Apple Mac OS X Terminal is reported prone to an input validation vulnerability. A vulnerability exists in Apple Mac OS X's handling of AppleScript links, which could be exploited by remote attackers to lure users into executing malicious code. <http://docs.info.apple.com/article.html?artnum=301528>. This email contains brief summaries of the problems. Full details can be found on my web site <http://remahl.se/david/vuln/>. Description: help: URI handler execution of JavaScripts with known paths vulnerability My name: DR004 <http://remahl.se/david/vuln/004/> CVE: CAN-2005-1337 [yes, cool, isn't it ;-)] Summary: The Help Viewer application allows JavaScript and is thus vulnerable to having scripts with arbitrary paths run with the privileges granted to file: protocol URIs. The files can be started with a URI on the form of help:///path/to/file.html. Combined with XMLHttpRequest's ability to disclose arbitrary files, this security bug becomes critcal. Description: Invisible characters in applescript: URL protocol messaging vulnerability My name: DR010 <http://remahl.se/david/vuln/010/> CVE: CAN-2005-1331 Summary: URL Protocol Messaging is a technique used by Script Editor to facilitate sharing of AppleScripts between users. By clicking a link (for example in a web forum), a user can create a new Script Editor document automatically, with text from the query string of the URI. This avoids problems with copying text from the web or manually typing code snippets. However, the technique can be used to trick users into running dangerous code (with embedded control characters), since insufficient input validation is performed. Description: Mac OS X terminal emulators allow reading and writing of window title through escape sequences My name: DR012 <http://remahl.se/david/vuln/012/> CVE: CAN-2005-1341 Summary: Apple Terminal (often referred to as Terminal.app) and xterm which both ship with current versions of Mac OS X are vulnerable to a well-known type of attack when displaying untrusted content. I would like to acknowledge the willingness of Apple's Product Security team to cooperate with me in resolving these issues. CERT's assistance has also been helpful. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service. I. (CAN-2005-1342) VU#882750 - libXpm image library vulnerable to buffer overflow libXpm image parsing code contains a buffer-overflow vulnerability that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0687) VU#125598 - LibTIFF vulnerable to integer overflow via corrupted directory entry count An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1308) VU#539110 - LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1307) VU#537878 - libXpm library contains multiple integer overflow vulnerabilities libXpm contains multiple integer-overflow vulnerabilities that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0688) VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs Mac OS X Directory Service utilities do not properly validate code paths to external programs, potentially allowing a local attacker to execute arbitrary code. (CAN-2004-1335) VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer overflow via incorrect handling of an environmental variable A buffer overflow in Mac OS X's Foundation Framework's processing of environment variables may lead to elevated privileges. (CAN-2004-1332) VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate command line parameters Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow a local attacker to execute arbitrary code. (CAN-2004-0594) Please note that Apple Security Update 2005-005 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. II. Impact The impacts of these vulnerabilities vary, for information about specific impacts please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, disclosure of sensitive information, and denial of service. III. Solution Install an Update Install the update as described in Apple Security Update 2005-005. Appendix A. References * US-CERT Vulnerability Note VU#582934 - <http://www.kb.cert.org/vuls/id/582934> * US-CERT Vulnerability Note VU#258390 - <http://www.kb.cert.org/vuls/id/258390> * US-CERT Vulnerability Note VU#331694 - <http://www.kb.cert.org/vuls/id/331694> * US-CERT Vulnerability Note VU#706838 - <http://www.kb.cert.org/vuls/id/706838> * US-CERT Vulnerability Note VU#539110 - <http://www.kb.cert.org/vuls/id/539110> * US-CERT Vulnerability Note VU#354486 - <http://www.kb.cert.org/vuls/id/354486> * US-CERT Vulnerability Note VU#882750 - <http://www.kb.cert.org/vuls/id/882750> * US-CERT Vulnerability Note VU#537878 - <http://www.kb.cert.org/vuls/id/537878> * US-CERT Vulnerability Note VU#125598 - <http://www.kb.cert.org/vuls/id/125598> * US-CERT Vulnerability Note VU#356070 - <http://www.kb.cert.org/vuls/id/356070> * Apple Security Update 2005-005 - <http://docs.info.apple.com/article.html?artnum=301528> _________________________________________________________________ These vulnerabilities were discovered by several people and reported in Apple Security Update 2005-005. Please see the Vulnerability Notes for individual reporter acknowledgements. _________________________________________________________________ Feedback can be directed to the authors: Jeffrey Gennari and Jason Rafail. _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use Revision History May 16, 2005: Initial release Last updated May 16, 2005 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQojwRBhoSezw4YfQAQKb1gf/a7XQAZQR+t5+FpzRoUrJyVIg3Mf1IISP yS5GLgfwC+4GuDEd/BA51+591OhNAWa1hO2JAUQwJ799VL7vAY6vbDW84c+S0eQ+ J+FHgddUsuvRtmsXCg2Fin1JRG4hCqBQ9q2S0h4+fM7yWSdLOY7xeAAwPOwG+bsU AVjDMNiPACHxw7CNQ8qpPXFfo3qrV+oj55F62TbR0fujtil6yQR3lE9wSeiuLs/i KgQFZlHMEoAwQnghwLk7eQLkzGD9eAZ+pZ7Ny0AvF7avhGflh2nFNe2acFoJ2Iw7 /gMXj/uN/ZpDssS37y38LIvyA3kIQrSlEW7iKf1wi2eQ3ntjyv/9NA== =uqBU -----END PGP SIGNATURE-----

Trust: 1.53

sources: NVD: CVE-2005-1341 // BID: 13503 // VULHUB: VHN-12550 // VULMON: CVE-2005-1341 // PACKETSTORM: 38718 // PACKETSTORM: 39271

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.3.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.6

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.9

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.3.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.5

Trust: 1.0

vendor:applemodel:terminalscope:eqversion:1.4.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.9

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.3

Trust: 1.0

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

sources: BID: 13503 // CNNVD: CNNVD-200505-902 // NVD: CVE-2005-1341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1341
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-902
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12550
value: MEDIUM

Trust: 0.1

VULMON: CVE-2005-1341
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1341
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-12550
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12550 // VULMON: CVE-2005-1341 // CNNVD: CNNVD-200505-902 // NVD: CVE-2005-1341

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1341

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 39271 // CNNVD: CNNVD-200505-902

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200505-902

EXTERNAL IDS

db:NVDid:CVE-2005-1341

Trust: 2.2

db:BIDid:13480

Trust: 1.8

db:OSVDBid:16083

Trust: 1.8

db:VUPENid:ADV-2005-0455

Trust: 1.8

db:SECUNIAid:15227

Trust: 1.8

db:SECTRACKid:1013882

Trust: 1.8

db:CERT/CCid:VU#994510

Trust: 1.8

db:CNNVDid:CNNVD-200505-902

Trust: 0.7

db:APPLEid:APPLE-SA-2005-05-03

Trust: 0.6

db:BIDid:13503

Trust: 0.4

db:VULHUBid:VHN-12550

Trust: 0.1

db:VULMONid:CVE-2005-1341

Trust: 0.1

db:PACKETSTORMid:38718

Trust: 0.1

db:CERT/CCid:VU#258390

Trust: 0.1

db:CERT/CCid:VU#539110

Trust: 0.1

db:CERT/CCid:VU#356070

Trust: 0.1

db:CERT/CCid:VU#354486

Trust: 0.1

db:CERT/CCid:VU#331694

Trust: 0.1

db:CERT/CCid:VU#125598

Trust: 0.1

db:CERT/CCid:VU#706838

Trust: 0.1

db:CERT/CCid:VU#582934

Trust: 0.1

db:CERT/CCid:VU#537878

Trust: 0.1

db:CERT/CCid:VU#882750

Trust: 0.1

db:PACKETSTORMid:39271

Trust: 0.1

sources: VULHUB: VHN-12550 // VULMON: CVE-2005-1341 // BID: 13503 // PACKETSTORM: 38718 // PACKETSTORM: 39271 // CNNVD: CNNVD-200505-902 // NVD: CVE-2005-1341

REFERENCES

url:http://remahl.se/david/vuln/012/

Trust: 2.1

url:http://lists.apple.com/archives/security-announce/2005/may/msg00001.html

Trust: 1.8

url:http://www.securityfocus.com/bid/13480

Trust: 1.8

url:http://www.kb.cert.org/vuls/id/994510

Trust: 1.8

url:http://www.osvdb.org/16083

Trust: 1.8

url:http://securitytracker.com/id?1013882

Trust: 1.8

url:http://secunia.com/advisories/15227

Trust: 1.8

url:http://www.vupen.com/english/advisories/2005/0455

Trust: 1.2

url:http://www.frsirt.com/english/advisories/2005/0455

Trust: 0.6

url:http://www.apple.com

Trust: 0.3

url:/archive/1/397489

Trust: 0.3

url: -

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-applescript-cve-2005-1331

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=9175

Trust: 0.1

url:http://remahl.se/david/vuln/010/>

Trust: 0.1

url:http://remahl.se/david/vuln/012/>

Trust: 0.1

url:http://remahl.se/david/vuln/011/>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=301528>.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-1342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-1341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-1331

Trust: 0.1

url:http://remahl.se/david/vuln/004/>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-1337

Trust: 0.1

url:http://remahl.se/david/vuln/>.

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/125598>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=301528>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/539110>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/537878>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/356070>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/331694>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/882750>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/354486>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/706838>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/258390>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/582934>

Trust: 0.1

sources: VULHUB: VHN-12550 // VULMON: CVE-2005-1341 // BID: 13503 // PACKETSTORM: 38718 // PACKETSTORM: 39271 // CNNVD: CNNVD-200505-902 // NVD: CVE-2005-1341

CREDITS

David Remahl※ vuln@remahl.se

Trust: 0.6

sources: CNNVD: CNNVD-200505-902

SOURCES

db:VULHUBid:VHN-12550
db:VULMONid:CVE-2005-1341
db:BIDid:13503
db:PACKETSTORMid:38718
db:PACKETSTORMid:39271
db:CNNVDid:CNNVD-200505-902
db:NVDid:CVE-2005-1341

LAST UPDATE DATE

2024-11-23T20:48:06.732000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-12550date:2011-03-08T00:00:00
db:VULMONid:CVE-2005-1341date:2011-03-08T00:00:00
db:BIDid:13503date:2009-07-12T14:06:00
db:CNNVDid:CNNVD-200505-902date:2005-10-20T00:00:00
db:NVDid:CVE-2005-1341date:2024-11-20T23:57:07.530

SOURCES RELEASE DATE

db:VULHUBid:VHN-12550date:2005-05-04T00:00:00
db:VULMONid:CVE-2005-1341date:2005-05-04T00:00:00
db:BIDid:13503date:2005-05-03T00:00:00
db:PACKETSTORMid:38718date:2005-07-15T06:39:33
db:PACKETSTORMid:39271date:2005-08-14T06:00:54
db:CNNVDid:CNNVD-200505-902date:2005-05-04T00:00:00
db:NVDid:CVE-2005-1341date:2005-05-04T04:00:00