Details of VAR-200505-1088

ID

VAR-200505-1088

CVE

CVE-2005-0975

TITLE

Apple Mac OS X Kernel Executable Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-338

DESCRIPTION

Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header. Apple Mac OS X is prone to a local denial of service vulnerability. This issue is exposed when the Mac OS X kernel processes an executable file, causing temporary interruption of services on the computer. Reportedly a local integer overflow vulnerability affects the Darwin Kernel. This issue is due to a failure of the affected to properly handle integer signedness. An attacker may leverage this issue to cause the affected computer to crash, denying service to legitimate users. It has been speculated that this issue may also be leverage to escalate privileges, although this is unconfirmed

Trust: 1.53

sources: NVD: CVE-2005-0975 // BID: 13222 // BID: 12314 // VULHUB: VHN-12184

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.4	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	opendarwin	model:	darwin kernel	scope:	eq	version:	7.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	darwin	model:	kernel	scope:	eq	version:	7.1	Trust: 0.3

sources: BID: 13222 // BID: 12314 // CNNVD: CNNVD-200505-338 // NVD: CVE-2005-0975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0975
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200505-338
value:	LOW
Trust: 0.6
VULHUB:	VHN-12184
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2005-0975
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12184
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12184 // CNNVD: CNNVD-200505-338 // NVD: CVE-2005-0975

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0975

THREAT TYPE

local

Trust: 1.2

sources: BID: 13222 // BID: 12314 // CNNVD: CNNVD-200505-338

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200505-338

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0975	Trust: 2.0
db:	BID	id:	12314	Trust: 2.0
db:	SECUNIA	id:	13902	Trust: 1.7
db:	VUPEN	id:	ADV-2005-0041	Trust: 1.7
db:	SECTRACK	id:	1012941	Trust: 1.7
db:	SECTRACK	id:	1013735	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-338	Trust: 0.7
db:	BUGTRAQ	id:	20050119 DARWIN KERNEL VULNERABILITY	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-04-15	Trust: 0.6
db:	XF	id:	18979	Trust: 0.6
db:	CIAC	id:	P-185	Trust: 0.6
db:	BID	id:	13222	Trust: 0.4
db:	VULHUB	id:	VHN-12184	Trust: 0.1

sources: VULHUB: VHN-12184 // BID: 13222 // BID: 12314 // CNNVD: CNNVD-200505-338 // NVD: CVE-2005-0975

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/apr/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/12314	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/p-185.shtml	Trust: 1.7
url:	http://felinemenace.org/advisories/macosx.txt	Trust: 1.7
url:	http://securitytracker.com/id?1012941	Trust: 1.7
url:	http://securitytracker.com/id?1013735	Trust: 1.7
url:	http://secunia.com/advisories/13902	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/0041	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18979	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=110616533903671&w=2	Trust: 1.0
url:	http://www.apple.com/macosx/	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/18979	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2005/0041	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110616533903671&w=2	Trust: 0.6
url:	http://developer.apple.com/darwin/projects/darwin/	Trust: 0.3
url:	http://www.opendarwin.org/	Trust: 0.3
url:	/archive/1/387731	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=110616533903671&w=2	Trust: 0.1

sources: VULHUB: VHN-12184 // BID: 13222 // BID: 12314 // CNNVD: CNNVD-200505-338 // NVD: CVE-2005-0975

CREDITS

Neil Archibald is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 13222 // CNNVD: CNNVD-200505-338

SOURCES

db:	VULHUB	id:	VHN-12184
db:	BID	id:	13222
db:	BID	id:	12314
db:	CNNVD	id:	CNNVD-200505-338
db:	NVD	id:	CVE-2005-0975

LAST UPDATE DATE

2024-11-23T21:50:01.674000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12184	date:	2017-07-11T00:00:00
db:	BID	id:	13222	date:	2009-07-12T14:06:00
db:	BID	id:	12314	date:	2005-01-19T00:00:00
db:	CNNVD	id:	CNNVD-200505-338	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0975	date:	2024-11-20T23:56:18.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12184	date:	2005-05-02T00:00:00
db:	BID	id:	13222	date:	2005-04-16T00:00:00
db:	BID	id:	12314	date:	2005-01-19T00:00:00
db:	CNNVD	id:	CNNVD-200505-338	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-0975	date:	2005-05-02T04:00:00