ID

VAR-200505-0907


CVE

CVE-2005-0127


TITLE

Apple Mac OS X vulnerable to information disclosure in "Message-ID" header

Trust: 0.8

sources: CERT/CC: VU#464662

DESCRIPTION

Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. An information disclosure vulnerability affects the email message ID generation of Apple Mail. This issue is due to a design error that causes the application to insecurely generate email message IDs. An attacker may leverage this issue to identify the specific computer that an email has been sent from; other attacks may also be possible.

Trust: 3.42

sources: NVD: CVE-2005-0127 // CERT/CC: VU#464662 // CERT/CC: VU#678150 // CERT/CC: VU#980078 // BID: 12366 // VULHUB: VHN-11336

AFFECTED PRODUCTS

vendor: apple computer, model: -, scope: -, version: -

Trust: 2.4

vendor: apple, model: mac os x, scope: eq, version: 10.3.7

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3.7

Trust: 1.6

vendor: apple, model: mail, scope: -, version: -

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.3.8

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.3.8

Trust: 0.3

sources: CERT/CC: VU#464662 // CERT/CC: VU#678150 // CERT/CC: VU#980078 // BID: 12366 // CNNVD: CNNVD-200505-185 // NVD: CVE-2005-0127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0127
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#464662
value: 2.81

Trust: 0.8

CARNEGIE MELLON: VU#678150
value: 8.10

Trust: 0.8

CARNEGIE MELLON: VU#980078
value: 4.13

Trust: 0.8

CNNVD: CNNVD-200505-185
value: MEDIUM

Trust: 0.6

VULHUB: VHN-11336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0127
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#464662 // CERT/CC: VU#678150 // CERT/CC: VU#980078 // VULHUB: VHN-11336 // CNNVD: CNNVD-200505-185 // NVD: CVE-2005-0127

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-185

TYPE

Design Error

Trust: 0.9

sources: BID: 12366 // CNNVD: CNNVD-200505-185

EXTERNAL IDS

db: SECUNIA, id: 14005

Trust: 4.1

db: CERT/CC, id: VU#464662

Trust: 2.5

db: NVD, id: CVE-2005-0127

Trust: 2.0

db: SECTRACK, id: 1013001

Trust: 1.7

db: CERT/CC, id: VU#678150

Trust: 0.8

db: CERT/CC, id: VU#980078

Trust: 0.8

db: CNNVD, id: CNNVD-200505-185

Trust: 0.7

db: APPLE, id: APPLE-SA-2005-01-25

Trust: 0.6

db: XF, id: 19085

Trust: 0.6

db: BID, id: 12366

Trust: 0.4

db: VULHUB, id: VHN-11336

Trust: 0.1

sources: CERT/CC: VU#464662 // CERT/CC: VU#678150 // CERT/CC: VU#980078 // VULHUB: VHN-11336 // BID: 12366 // CNNVD: CNNVD-200505-185 // NVD: CVE-2005-0127

REFERENCES

url:http://lists.apple.com/archives/security-announce/2005/jan/msg00001.html

Trust: 2.5

url:http://docs.info.apple.com/article.html?artnum=300770

Trust: 2.4

url:http://secunia.com/advisories/14005/

Trust: 2.4

url:http://www.kb.cert.org/vuls/id/464662

Trust: 1.7

url:http://securitytracker.com/id?1013001

Trust: 1.7

url:http://secunia.com/advisories/14005

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19085

Trust: 1.1

url:http://www.immunitysec.com/resources-advisories.shtml

Trust: 0.8

url:http://www.immunitysec.com/downloads/nukido.pdf

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/19085

Trust: 0.6

url:http://www.apple.com/macosx/features/mail/

Trust: 0.3

sources: CERT/CC: VU#464662 // CERT/CC: VU#678150 // CERT/CC: VU#980078 // VULHUB: VHN-11336 // BID: 12366 // CNNVD: CNNVD-200505-185 // NVD: CVE-2005-0127

CREDITS

Carl Purvis is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 12366 // CNNVD: CNNVD-200505-185

SOURCES

db: CERT/CC, id: VU#464662
db: CERT/CC, id: VU#678150
db: CERT/CC, id: VU#980078
db: VULHUB, id: VHN-11336
db: BID, id: 12366
db: CNNVD, id: CNNVD-200505-185
db: NVD, id: CVE-2005-0127

LAST UPDATE DATE

2024-08-14T13:00:32.003000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#464662, date: 2005-01-31T00:00:00
db: CERT/CC, id: VU#678150, date: 2005-01-28T00:00:00
db: CERT/CC, id: VU#980078, date: 2005-01-27T00:00:00
db: VULHUB, id: VHN-11336, date: 2017-07-11T00:00:00
db: BID, id: 12366, date: 2009-07-12T10:06:00
db: CNNVD, id: CNNVD-200505-185, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-0127, date: 2017-07-11T01:32:06.373

SOURCES RELEASE DATE

db: CERT/CC, id: VU#464662, date: 2005-01-31T00:00:00
db: CERT/CC, id: VU#678150, date: 2005-01-27T00:00:00
db: CERT/CC, id: VU#980078, date: 2005-01-27T00:00:00
db: VULHUB, id: VHN-11336, date: 2005-05-02T00:00:00
db: BID, id: 12366, date: 2005-01-26T00:00:00
db: CNNVD, id: CNNVD-200505-185, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2005-0127, date: 2005-05-02T04:00:00