Details of VAR-200505-0527

ID

VAR-200505-0527

CVE

CVE-2005-0970

TITLE

Mac OS X Permissions and Access Control Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-263

DESCRIPTION

Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. Mac OS X is prone to a remote security vulnerability. An attacker could take advantage of elevated privileges to perform unauthorized actions through a vulnerable script

Trust: 1.26

sources: NVD: CVE-2005-0970 // BID: 90137 // VULHUB: VHN-12179

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.9	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.0
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3

sources: BID: 90137 // CNNVD: CNNVD-200505-263 // NVD: CVE-2005-0970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0970
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-263
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12179
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-0970
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12179
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12179 // CNNVD: CNNVD-200505-263 // NVD: CVE-2005-0970

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.1

sources: VULHUB: VHN-12179 // NVD: CVE-2005-0970

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-263

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200505-263

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0970	Trust: 2.0
db:	CNNVD	id:	CNNVD-200505-263	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-04-15	Trust: 0.6
db:	BID	id:	90137	Trust: 0.4
db:	VULHUB	id:	VHN-12179	Trust: 0.1

sources: VULHUB: VHN-12179 // BID: 90137 // CNNVD: CNNVD-200505-263 // NVD: CVE-2005-0970

REFERENCES

url:

http://lists.apple.com/archives/security-announce/2005/apr/msg00000.html

Trust: 2.0

sources: VULHUB: VHN-12179 // BID: 90137 // CNNVD: CNNVD-200505-263 // NVD: CVE-2005-0970

CREDITS

Unknown

Trust: 0.3

sources: BID: 90137

SOURCES

db:	VULHUB	id:	VHN-12179
db:	BID	id:	90137
db:	CNNVD	id:	CNNVD-200505-263
db:	NVD	id:	CVE-2005-0970

LAST UPDATE DATE

2024-08-14T13:40:13.067000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12179	date:	2009-10-14T00:00:00
db:	BID	id:	90137	date:	2005-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-263	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0970	date:	2009-10-14T04:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12179	date:	2005-05-02T00:00:00
db:	BID	id:	90137	date:	2005-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-263	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-0970	date:	2005-05-02T04:00:00