Sign-up

ID

VAR-200505-0615


CVE

CVE-2005-0340


TITLE

Apple Mac OS X AppleFileServer Remote Integer Overflow Vulnerability

Trust: 0.9

sources: BID: 12478 // CNNVD: CNNVD-200505-472

DESCRIPTION

Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet. A remote integer overflow vulnerability reportedly affects Apple Mac OS X AppleFileServer. This issue is due to a failure of the application to properly handle integer signedness while copying data into finite process buffers. An attacker may leverage this issue to cause the affected server process to consume memory resources until triggering an EXC_BAD_ACCESS signal, ultimately causing a denial of service condition

Trust: 1.26

sources: NVD: CVE-2005-0340 // BID: 12478 // VULHUB: VHN-11549

AFFECTED PRODUCTS

vendor:applemodel:afp serverscope:eqversion:*

Trust: 1.0

vendor:applemodel:afp serverscope: - version: -

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.0.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.03

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.1

Trust: 0.3

sources: BID: 12478 // CNNVD: CNNVD-200505-472 // NVD: CVE-2005-0340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0340
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-472
value: MEDIUM

Trust: 0.6

VULHUB: VHN-11549
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0340
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11549
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11549 // CNNVD: CNNVD-200505-472 // NVD: CVE-2005-0340

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-472

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 12478 // CNNVD: CNNVD-200505-472

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-11549

EXTERNAL IDS
db:BIDid:12478
Trust: 2.0
db:NVDid:CVE-2005-0340
Trust: 1.7
db:CNNVDid:CNNVD-200505-472
Trust: 0.7
db:APPLEid:APPLE-SA-2005-03-21
Trust: 0.6
db:BUGTRAQid:20050208 APPLEFILESERVER DENIAL OF SERVICE.
Trust: 0.6
db:XFid:19263
Trust: 0.6
db:EXPLOIT-DBid:799
Trust: 0.1
db:VULHUBid:VHN-11549
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11549 // 
            
            
            
            BID: 12478 // 
            
            
            
            CNNVD: CNNVD-200505-472 // 
            
            
            
            NVD: CVE-2005-0340

REFERENCES
url:http://lists.apple.com/archives/security-announce/2005/mar/msg00000.html
Trust: 1.7
url:http://www.securityfocus.com/bid/12478
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19263
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=110791369419784&w=2
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/19263
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=110791369419784&w=2
Trust: 0.6
url:http://docs.info.apple.com/article.html?artnum=301061
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:/archive/1/389802
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=110791369419784&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11549 // 
            
            
            
            BID: 12478 // 
            
            
            
            CNNVD: CNNVD-200505-472 // 
            
            
            
            NVD: CVE-2005-0340

CREDITS
nemo@felinemenace.org is credited with the discovery of this issue.
Trust: 0.9
sources:
            
            
            BID: 12478 // 
            
            
            
            CNNVD: CNNVD-200505-472

SOURCES
db:VULHUBid:VHN-11549
db:BIDid:12478
db:CNNVDid:CNNVD-200505-472
db:NVDid:CVE-2005-0340

LAST UPDATE DATE
2024-08-14T12:37:47.396000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-11549date:2017-07-11T00:00:00
db:BIDid:12478date:2009-07-12T10:06:00
db:CNNVDid:CNNVD-200505-472date:2005-10-20T00:00:00
db:NVDid:CVE-2005-0340date:2017-07-11T01:32:14.687

SOURCES RELEASE DATE
db:VULHUBid:VHN-11549date:2005-05-02T00:00:00
db:BIDid:12478date:2005-02-08T00:00:00
db:CNNVDid:CNNVD-200505-472date:2005-05-02T00:00:00
db:NVDid:CVE-2005-0340date:2005-05-02T04:00:00