var-200505-0359
Vulnerability from variot
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. Apple Mac OS X Terminal is reported prone to an input validation vulnerability. A vulnerability exists in Apple Mac OS X's handling of AppleScript links, which could be exploited by remote attackers to lure users into executing malicious code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I have published advisories for 4 security vulnerabilities in Mac OS
X that were addressed by Apple Security Update 2005-005, released
today. http://docs.info.apple.com/article.html?artnum=301528.
This email contains brief summaries of the problems. Full details can
be found on my web site http://remahl.se/david/vuln/.
Description: help: URI handler execution of JavaScripts with known
paths vulnerability
My name: DR004 http://remahl.se/david/vuln/004/
CVE: CAN-2005-1337 [yes, cool, isn't it ;-)]
Summary: The Help Viewer application allows JavaScript and is thus
vulnerable to having scripts with arbitrary paths run with the
privileges granted to file: protocol URIs. The files can be started
with a URI on the form of help:///path/to/file.html. Combined with
XMLHttpRequest's ability to disclose arbitrary files, this security
bug becomes critcal.
Description: Invisible characters in applescript: URL protocol
messaging vulnerability
My name: DR010 http://remahl.se/david/vuln/010/
CVE: CAN-2005-1331
Summary: URL Protocol Messaging is a technique used by Script Editor
to facilitate sharing of AppleScripts between users. By clicking a
link (for example in a web forum), a user can create a new Script
Editor document automatically, with text from the query string of the
URI. This avoids problems with copying text from the web or manually
typing code snippets. However, the technique can be used to trick
users into running dangerous code (with embedded control characters),
since insufficient input validation is performed.
Description: Mac OS X terminal emulators allow reading and writing of
window title through escape sequences
My name: DR012 http://remahl.se/david/vuln/012/
CVE: CAN-2005-1341
Summary: Apple Terminal (often referred to as Terminal.app) and xterm
which both ship with current versions of Mac OS X are vulnerable to a
well-known type of attack when displaying untrusted content.
I would like to acknowledge the willingness of Apple's Product
Security team to cooperate with me in resolving these issues. CERT's
assistance has also been helpful. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00600177 Version: 1
HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2006-05-17 Last Updated: 2006-05-15
Potential Security Impact: Remote arbitrary code execution, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Motif applications running on HP-UX. The potential vulnerabilities could be exploited to allow remote execution of arbitrary code or Denial for Service (DoS).
References: CERT VU#537878, VU#882750
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.00, B.11.11, B.11.23 running Motif applications.
BACKGROUND
Potential vulnerabilities have been reported with the handling of XPixMap format data: http://www.kb.cert.org/vuls/id/882750 http://www.kb.cert.org/vuls/id/537878
AFFECTED VERSIONS
HP-UX B.11.00
X11.MOTIF-SHLIB action: install PHSS_33129 or subsequent
HP-UX B.11.11
X11.MOTIF-SHLIB action: install PHSS_33130 or subsequent
HP-UX B.11.23
X11.MOTIF-SHLIB action: install PHSS_33132 or subsequent
RESOLUTION HP has made the following patches available to resolve the issue. The patches can be downloaded from http://itrc.hp.com
HP-UX B.11.00 PHSS_33129 or subsequent HP-UX B.11.11 PHSS_33130 or subsequent HP-UX B.11.23 PHSS_33132 or subsequent
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY Version:1 (rev.1) 17 May 2006 Initial release
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com. It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA& langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
-
The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW, MA = HP Management Agents, MI = Misc. 3rd party SW, MP = HP MPE/iX, NS = HP NonStop Servers, OV = HP OpenVMS, PI = HP Printing & Imaging, ST = HP Storage SW, TL = HP Trusted Linux, TU = HP Tru64 UNIX, UX = HP-UX, VV = HP Virtual Vault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
(c)Copyright 2006 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRHGcseAfOvwtKn1ZEQLsCQCgsfBQfOCJ10fRkLsGaGyKFw52JnIAnj+C 6Kgv/Lr9cDfmSn3EfBJJW35+ =u3wT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0359",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.9"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "terminal",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.9"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
}
],
"sources": [
{
"db": "BID",
"id": "13503"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:terminal:1.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Remahl\u203b vuln@remahl.se",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-12550",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2005-1341",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1341",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-902",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12550",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2005-1341",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12550"
},
{
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. Apple Mac OS X Terminal is reported prone to an input validation vulnerability. A vulnerability exists in Apple Mac OS X\u0027s handling of AppleScript links, which could be exploited by remote attackers to lure users into executing malicious code. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nI have published advisories for 4 security vulnerabilities in Mac OS \nX that were addressed by Apple Security Update 2005-005, released \ntoday. \u003chttp://docs.info.apple.com/article.html?artnum=301528\u003e. \n\nThis email contains brief summaries of the problems. Full details can \nbe found on my web site \u003chttp://remahl.se/david/vuln/\u003e. \n\nDescription: help: URI handler execution of JavaScripts with known \npaths vulnerability\nMy name: DR004 \u003chttp://remahl.se/david/vuln/004/\u003e\nCVE: CAN-2005-1337 [yes, cool, isn\u0027t it ;-)]\nSummary: The Help Viewer application allows JavaScript and is thus \nvulnerable to having scripts with arbitrary paths run with the \nprivileges granted to file: protocol URIs. The files can be started \nwith a URI on the form of help:///path/to/file.html. Combined with \nXMLHttpRequest\u0027s ability to disclose arbitrary files, this security \nbug becomes critcal. \n\nDescription: Invisible characters in applescript: URL protocol \nmessaging vulnerability\nMy name: DR010 \u003chttp://remahl.se/david/vuln/010/\u003e\nCVE: CAN-2005-1331\nSummary: URL Protocol Messaging is a technique used by Script Editor \nto facilitate sharing of AppleScripts between users. By clicking a \nlink (for example in a web forum), a user can create a new Script \nEditor document automatically, with text from the query string of the \nURI. This avoids problems with copying text from the web or manually \ntyping code snippets. However, the technique can be used to trick \nusers into running dangerous code (with embedded control characters), \nsince insufficient input validation is performed. \n\nDescription: Mac OS X terminal emulators allow reading and writing of \nwindow title through escape sequences\nMy name: DR012 \u003chttp://remahl.se/david/vuln/012/\u003e\nCVE: CAN-2005-1341\nSummary: Apple Terminal (often referred to as Terminal.app) and xterm \nwhich both ship with current versions of Mac OS X are vulnerable to a \nwell-known type of attack when displaying untrusted content. \n\nI would like to acknowledge the willingness of Apple\u0027s Product \nSecurity team to cooperate with me in resolving these issues. CERT\u0027s \nassistance has also been helpful. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00600177\nVersion: 1\n\nHPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary \nCode Execution, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2006-05-17\nLast Updated: 2006-05-15\n\nPotential Security Impact: Remote arbitrary code execution, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Motif applications running\non HP-UX. The potential vulnerabilities could be exploited to allow remote execution\nof arbitrary code or Denial for Service (DoS). \n\nReferences: CERT VU#537878, VU#882750 \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.00, B.11.11, B.11.23 running Motif applications. \n\nBACKGROUND\n\nPotential vulnerabilities have been reported with the handling of XPixMap format data:\nhttp://www.kb.cert.org/vuls/id/882750 \nhttp://www.kb.cert.org/vuls/id/537878 \n\nAFFECTED VERSIONS\n\nHP-UX B.11.00\n=============\nX11.MOTIF-SHLIB\naction: install PHSS_33129 or subsequent\n\nHP-UX B.11.11\n=============\nX11.MOTIF-SHLIB\naction: install PHSS_33130 or subsequent\n\nHP-UX B.11.23\n=============\nX11.MOTIF-SHLIB\naction: install PHSS_33132 or subsequent\n\nRESOLUTION\nHP has made the following patches available to resolve the issue. \nThe patches can be downloaded from http://itrc.hp.com \n\nHP-UX B.11.00 PHSS_33129 or subsequent \nHP-UX B.11.11 PHSS_33130 or subsequent \nHP-UX B.11.23 PHSS_33132 or subsequent \n\nMANUAL ACTIONS: No\n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all\nHP-issued Security Bulletins to provide a subset of recommended actions that \npotentially affect a specific HP-UX system. For more information: \nhttp://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA \n\nHISTORY \nVersion:1 (rev.1) 17 May 2006 Initial release\n\nSupport: For further information, contact normal HP Services\nsupport channel. \n\nReport: To report a potential security vulnerability with any HP\nsupported product, send Email to: security-alert@hp.com. It is\nstrongly recommended that security related information being\ncommunicated to HP be encrypted using PGP, especially exploit\ninformation. To get the security-alert PGP key, please send an\ne-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP\nSecurity Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026\nlangcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\n\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n - check ALL categories for which alerts are required and\n continue. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and\n save. \n\nTo update an existing subscription:\nhttp://h30046.www3.hp.com/subSignIn.php\nLog in on the web page:\n Subscriber\u0027s choice for Business: sign-in. \nOn the web page:\n Subscriber\u0027s Choice: your profile summary\n - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit:\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters of the\nBulletin number in the title:\n\n GN = HP General SW,\n MA = HP Management Agents,\n MI = Misc. 3rd party SW,\n MP = HP MPE/iX,\n NS = HP NonStop Servers,\n OV = HP OpenVMS,\n PI = HP Printing \u0026 Imaging,\n ST = HP Storage SW,\n TL = HP Trusted Linux,\n TU = HP Tru64 UNIX,\n UX = HP-UX,\n VV = HP Virtual Vault\n\n\nSystem management and security procedures must be reviewed\nfrequently to maintain system integrity. HP is continually\nreviewing and enhancing the security features of software products\nto provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to\nbring to the attention of users of the affected HP products the\nimportant security information contained in this Bulletin. HP\nrecommends that all users determine the applicability of this\ninformation to their individual situations and take appropriate\naction. HP does not warrant that this information is necessarily\naccurate or complete for all user situations and, consequently, HP\nwill not be responsible for any damages resulting from user\u0027s use\nor disregard of the information provided in this Bulletin. To the\nextent permitted by law, HP disclaims all warranties, either\nexpress or implied, including the warranties of merchantability\nand fitness for a particular purpose, title and non-infringement.\"\n\n\n(c)Copyright 2006 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or\neditorial errors or omissions contained herein. The information\nprovided is provided \"as is\" without warranty of any kind. To the\nextent permitted by law, neither HP nor its affiliates,\nsubcontractors or suppliers will be liable for incidental, special\nor consequential damages including downtime cost; lost profits;\ndamages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without\nnotice. Hewlett-Packard Company and the names of Hewlett-Packard\nproducts referenced herein are trademarks of Hewlett-Packard\nCompany in the United States and other countries. Other product\nand company names mentioned herein may be trademarks of their\nrespective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRHGcseAfOvwtKn1ZEQLsCQCgsfBQfOCJ10fRkLsGaGyKFw52JnIAnj+C\n6Kgv/Lr9cDfmSn3EfBJJW35+\n=u3wT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1341"
},
{
"db": "BID",
"id": "13503"
},
{
"db": "VULHUB",
"id": "VHN-12550"
},
{
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"db": "PACKETSTORM",
"id": "38718"
},
{
"db": "PACKETSTORM",
"id": "46611"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1341",
"trust": 2.2
},
{
"db": "BID",
"id": "13480",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "16083",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2005-0455",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "15227",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1013882",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#994510",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-05-03",
"trust": 0.6
},
{
"db": "BID",
"id": "13503",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12550",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2005-1341",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38718",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#537878",
"trust": 0.1
},
{
"db": "CERT/CC",
"id": "VU#882750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46611",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12550"
},
{
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"db": "BID",
"id": "13503"
},
{
"db": "PACKETSTORM",
"id": "38718"
},
{
"db": "PACKETSTORM",
"id": "46611"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"id": "VAR-200505-0359",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12550"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:49:11.998000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://remahl.se/david/vuln/012/"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2005/may/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/13480"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/994510"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/16083"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1013882"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/15227"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2005/0455"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/0455"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.3,
"url": "/archive/1/397489"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-applescript-cve-2005-1331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=9175"
},
{
"trust": 0.1,
"url": "http://remahl.se/david/vuln/010/\u003e"
},
{
"trust": 0.1,
"url": "http://remahl.se/david/vuln/012/\u003e"
},
{
"trust": 0.1,
"url": "http://remahl.se/david/vuln/011/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=301528\u003e."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1331"
},
{
"trust": 0.1,
"url": "http://remahl.se/david/vuln/004/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-1337"
},
{
"trust": 0.1,
"url": "http://remahl.se/david/vuln/\u003e."
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026"
},
{
"trust": 0.1,
"url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/537878"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://itrc.hp.com"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/882750"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12550"
},
{
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"db": "BID",
"id": "13503"
},
{
"db": "PACKETSTORM",
"id": "38718"
},
{
"db": "PACKETSTORM",
"id": "46611"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12550"
},
{
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"db": "BID",
"id": "13503"
},
{
"db": "PACKETSTORM",
"id": "38718"
},
{
"db": "PACKETSTORM",
"id": "46611"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-12550"
},
{
"date": "2005-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"date": "2005-05-03T00:00:00",
"db": "BID",
"id": "13503"
},
{
"date": "2005-07-15T06:39:33",
"db": "PACKETSTORM",
"id": "38718"
},
{
"date": "2006-05-24T08:55:30",
"db": "PACKETSTORM",
"id": "46611"
},
{
"date": "2005-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"date": "2005-05-04T04:00:00",
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-12550"
},
{
"date": "2011-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2005-1341"
},
{
"date": "2009-07-12T14:06:00",
"db": "BID",
"id": "13503"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-902"
},
{
"date": "2011-03-08T02:21:38.750000",
"db": "NVD",
"id": "CVE-2005-1341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "46611"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X AppleScript Editor code confusing vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-902"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.