Details of VAR-200505-0617

ID

VAR-200505-0617

CVE

CVE-2005-0342

TITLE

Apple Mac OS X Finder DS_Store Unsafe file creation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-737

DESCRIPTION

The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. An insecure file creation vulnerability affects Apple Mac OS X Finder. This issue is due to a failure of the application to validate the existence of files prior to creating or writing to them. An attacker may leverage this issue to cause a system-wide denial of service or to gain escalated privileges on an affected computer, potentially leading to unauthorized superuser access. TITLE: SunShop Shopping Cart "search" Cross-Site Scripting SECUNIA ADVISORY ID: SA14118 VERIFY ADVISORY: http://secunia.com/advisories/14118/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: SunShop Shopping Cart 3.x http://secunia.com/product/4602/ DESCRIPTION: SmOk3 has reported a vulnerability in SunShop Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "search" parameter in "index.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. The vulnerability has been reported in version 3.4 RC 4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: SmOk3 ORIGINAL ADVISORY: http://www.systemsecure.org/wwwboard/messages/227.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-0342 // BID: 12458 // VULHUB: VHN-11551 // PACKETSTORM: 36022

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.0
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 12458 // CNNVD: CNNVD-200505-737 // NVD: CVE-2005-0342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0342
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200505-737
value:	LOW
Trust: 0.6
VULHUB:	VHN-11551
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2005-0342
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11551
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11551 // CNNVD: CNNVD-200505-737 // NVD: CVE-2005-0342

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0342

THREAT TYPE

local

Trust: 0.9

sources: BID: 12458 // CNNVD: CNNVD-200505-737

TYPE

Design Error

Trust: 0.9

sources: BID: 12458 // CNNVD: CNNVD-200505-737

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-11551

EXTERNAL IDS

db:	BID	id:	12458	Trust: 2.0
db:	SECUNIA	id:	14188	Trust: 1.8
db:	NVD	id:	CVE-2005-0342	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-737	Trust: 0.7
db:	BUGTRAQ	id:	20050207 [OSX FINDER] DS_STORE ARBITRARY FILE OVERWRITE VULNERABILITY.	Trust: 0.6
db:	XF	id:	19253	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-05-03	Trust: 0.6
db:	EXPLOIT-DB	id:	793	Trust: 0.1
db:	VULHUB	id:	VHN-11551	Trust: 0.1
db:	PACKETSTORM	id:	36022	Trust: 0.1

sources: VULHUB: VHN-11551 // BID: 12458 // PACKETSTORM: 36022 // CNNVD: CNNVD-200505-737 // NVD: CVE-2005-0342

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/may/msg00001.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/12458	Trust: 1.7
url:	http://secunia.com/advisories/14188	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/19253	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=110780124707975&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/19253	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110780124707975&w=2	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	/archive/1/389617	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=110780124707975&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://www.systemsecure.org/wwwboard/messages/227.html	Trust: 0.1
url:	http://secunia.com/advisories/14118/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/4602/	Trust: 0.1

sources: VULHUB: VHN-11551 // BID: 12458 // PACKETSTORM: 36022 // CNNVD: CNNVD-200505-737 // NVD: CVE-2005-0342

CREDITS

Vade 79

Trust: 0.6

sources: CNNVD: CNNVD-200505-737

SOURCES

db:	VULHUB	id:	VHN-11551
db:	BID	id:	12458
db:	PACKETSTORM	id:	36022
db:	CNNVD	id:	CNNVD-200505-737
db:	NVD	id:	CVE-2005-0342

LAST UPDATE DATE

2024-08-14T13:16:22.313000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11551	date:	2017-07-11T00:00:00
db:	BID	id:	12458	date:	2005-02-07T00:00:00
db:	CNNVD	id:	CNNVD-200505-737	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0342	date:	2017-07-11T01:32:14.797

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11551	date:	2005-05-02T00:00:00
db:	BID	id:	12458	date:	2005-02-07T00:00:00
db:	PACKETSTORM	id:	36022	date:	2005-02-05T21:08:38
db:	CNNVD	id:	CNNVD-200505-737	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-0342	date:	2005-05-02T04:00:00