Details of VAR-200508-0317

ID

VAR-200508-0317

CVE

CVE-2005-2523

TITLE

Mac OS X Weblog Server Multiple Cross-Site Scripting Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200508-193

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. It is now being assigned its own BID

Trust: 1.53

sources: NVD: CVE-2005-2523 // BID: 14567 // BID: 14569 // VULHUB: VHN-13732

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4	Trust: 1.6
vendor:	apple	model:	weblog server	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.6
vendor:	apple	model:	weblog server	scope:	-	version:	-	Trust: 0.6
vendor:	redhat	model:	linux i386	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	fedora core2	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	fedora core1	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3

sources: BID: 14567 // BID: 14569 // CNNVD: CNNVD-200508-193 // NVD: CVE-2005-2523

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2523
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200508-193
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-13732
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-2523
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-13732
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-13732 // CNNVD: CNNVD-200508-193 // NVD: CVE-2005-2523

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2523

THREAT TYPE

network

Trust: 0.6

sources: BID: 14567 // BID: 14569

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200508-193

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13732

EXTERNAL IDS

db:	NVD	id:	CVE-2005-2523	Trust: 2.3
db:	CNNVD	id:	CNNVD-200508-193	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2005-08-15	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-08-17	Trust: 0.6
db:	BID	id:	14569	Trust: 0.4
db:	BID	id:	14567	Trust: 0.3
db:	EXPLOIT-DB	id:	26152	Trust: 0.1
db:	PACKETSTORM	id:	39428	Trust: 0.1
db:	SEEBUG	id:	SSVID-79798	Trust: 0.1
db:	VULHUB	id:	VHN-13732	Trust: 0.1

sources: VULHUB: VHN-13732 // BID: 14567 // BID: 14569 // CNNVD: CNNVD-200508-193 // NVD: CVE-2005-2523

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html	Trust: 1.7
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://www.suresec.org/advisories/adv5.pdf	Trust: 0.3
url:	http://www.apple.com	Trust: 0.3

sources: VULHUB: VHN-13732 // BID: 14567 // CNNVD: CNNVD-200508-193 // NVD: CVE-2005-2523

CREDITS

OpenSSL Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200508-193

SOURCES

db:	VULHUB	id:	VHN-13732
db:	BID	id:	14567
db:	BID	id:	14569
db:	CNNVD	id:	CNNVD-200508-193
db:	NVD	id:	CVE-2005-2523

LAST UPDATE DATE

2024-08-14T12:17:47.201000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-13732	date:	2008-09-05T00:00:00
db:	BID	id:	14567	date:	2006-05-05T23:10:00
db:	BID	id:	14569	date:	2009-07-12T17:06:00
db:	CNNVD	id:	CNNVD-200508-193	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-2523	date:	2008-09-05T20:51:59.083

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-13732	date:	2005-08-19T00:00:00
db:	BID	id:	14567	date:	2005-08-15T00:00:00
db:	BID	id:	14569	date:	2005-08-15T00:00:00
db:	CNNVD	id:	CNNVD-200508-193	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2005-2523	date:	2005-08-19T04:00:00