Details of VAR-200505-1085

ID

VAR-200505-1085

CVE

CVE-2005-0972

TITLE

Apple Mac OS X SearchFS Integer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-995

DESCRIPTION

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters. The issue occurs in the searchfs() code. The vulnerability exists due to an error in calculating size arguments derived from user-controlled integer values, which are then used in a user-land to kernel memory copy operation. The issue may be leveraged to corrupt kernel memory and ultimately execute arbitrary code with ring-0 privileges. The issue may also be exploited to trigger a denial of service condition from a kernel panic

Trust: 1.35

sources: NVD: CVE-2005-0972 // BID: 12295 // VULHUB: VHN-12181 // VULMON: CVE-2005-0972

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.8	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.0
vendor:	darwin	model:	kernel	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.3.9	Trust: 0.3

sources: BID: 12295 // CNNVD: CNNVD-200505-995 // NVD: CVE-2005-0972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0972
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-995
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12181
value:	HIGH
Trust: 0.1
VULMON:	CVE-2005-0972
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-0972
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-12181
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12181 // VULMON: CVE-2005-0972 // CNNVD: CNNVD-200505-995 // NVD: CVE-2005-0972

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0972

THREAT TYPE

local

Trust: 0.9

sources: BID: 12295 // CNNVD: CNNVD-200505-995

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200505-995

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0972	Trust: 2.1
db:	CERT/CC	id:	VU#185702	Trust: 1.8
db:	CNNVD	id:	CNNVD-200505-995	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-04-15	Trust: 0.6
db:	BID	id:	12295	Trust: 0.5
db:	VULHUB	id:	VHN-12181	Trust: 0.1
db:	VULMON	id:	CVE-2005-0972	Trust: 0.1

sources: VULHUB: VHN-12181 // VULMON: CVE-2005-0972 // BID: 12295 // CNNVD: CNNVD-200505-995 // NVD: CVE-2005-0972

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/apr/msg00000.html	Trust: 1.8
url:	http://www.kb.cert.org/vuls/id/185702	Trust: 1.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.immunitysec.com/downloads/nukido.pdf	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/12295	Trust: 0.1

sources: VULHUB: VHN-12181 // VULMON: CVE-2005-0972 // BID: 12295 // CNNVD: CNNVD-200505-995 // NVD: CVE-2005-0972

CREDITS

Discovery is credited to Immunity Inc.

Trust: 0.9

sources: BID: 12295 // CNNVD: CNNVD-200505-995

SOURCES

db:	VULHUB	id:	VHN-12181
db:	VULMON	id:	CVE-2005-0972
db:	BID	id:	12295
db:	CNNVD	id:	CNNVD-200505-995
db:	NVD	id:	CVE-2005-0972

LAST UPDATE DATE

2024-08-14T13:40:13.174000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12181	date:	2008-09-05T00:00:00
db:	VULMON	id:	CVE-2005-0972	date:	2008-09-05T00:00:00
db:	BID	id:	12295	date:	2009-07-12T10:06:00
db:	CNNVD	id:	CNNVD-200505-995	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0972	date:	2008-09-05T20:47:50.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12181	date:	2005-05-12T00:00:00
db:	VULMON	id:	CVE-2005-0972	date:	2005-05-12T00:00:00
db:	BID	id:	12295	date:	2005-01-18T00:00:00
db:	CNNVD	id:	CNNVD-200505-995	date:	2005-05-12T00:00:00
db:	NVD	id:	CVE-2005-0972	date:	2005-05-12T04:00:00