var-200512-0633
Vulnerability from variot
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option. Apple has also released updates to address these issues. Apple Mac OS X 'passwd' creates temporary files in an insecure manner. This could allow a local attacker to elevate their privileges. These issues were originally described in BID 16907 Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities. More information is available at the following link:
http://www.apple.com/macosx/
II.
The /usr/bin/passwd binary is a setuid application which allows users to change their password. There are two related vulnerabilities. The passwd binary does not check that the user has permissions to create a file in the location specified and does not set the created file permissions. By setting the file creation mask to 0 a user can create arbitrary files owned by root, with permissions which allow any user to change the contents.
The second vulnerability exists in the insecure creation of temporary
files with predictable names. The temporary filename created by the
process is in the form /tmp/.pwtmp.
III.
In the case of the first vulnerability, a new file could be created in the /etc directory, such as etc/rc.local_tuning, which is sourced if it exists during the system start up process as the root user.
The second vulnerability would allow an attacker overwrite a file with user controlled contents. This can be leveraged to provide privilege escalation by, for example, creating a new /etc/sudoers file.
IV.
V. WORKAROUND
Remove the setuid bit from the /usr/bin/passwd binary by executing the following command as root:
chmod -s /usr/bin/passwd
This workaround will prevent non-root users from being able to change their password.
VI. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues:
CVE-2005-2713 - passwd file creation and permissions
CVE-2005-2714 - temporary file symlink problem
VIII. DISCLOSURE TIMELINE
08/23/2005 Initial vendor notification 08/27/2005 Initial vendor response 03/02/2006 Coordinated public disclosure
IX. CREDIT
Discovery of these vulnerabilities are credited to vade79.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2006 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
TITLE: Apple Mail Command Execution Vulnerability
SECUNIA ADVISORY ID: SA27785
VERIFY ADVISORY: http://secunia.com/advisories/27785/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user's system. This can be exploited via a specially crafted email containing an attachment of an ostensibly safe file type (e.g. ".jpg") to execute arbitrary shell commands when the attachment is double-clicked.
SOLUTION: Do not open attachments from untrusted sources.
ORIGINAL ADVISORY: http://www.heise-security.co.uk/news/99257
OTHER REFERENCES: SA19064: http://secunia.com/advisories/19064/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Details of the fixes are available via the PHP web site (www.php.net). PHP ships with Mac OS X but is disabled by default. This could cause the systems to become unresponsive, or possibly allow arbitrary code delivered from the file servers to run on the target system.
BOM CVE-ID: CVE-2006-0391 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Directory traversal may occur while unpacking archives with BOM Description: The BOM framework handles the unpacking of certain types of archives. This framework is vulnerable to a directory traversal attack that can allow archived files to be unpacked into arbitrary locations that are writable by the current user. This update addresses the issue by properly sanitizing those paths. Credit to Stephane Kardas of CERTA for reporting this issue. This could lead to privilege elevation. This update addresses the issue by anticipating a hostile environment and by creating temporary files securely. Credit to Ilja van Sprundel of Suresec LTD, vade79, and iDefense (idefense.com) for reporting this issue. This update secures the method in which a FileVault image is created. This update addresses the issues by correctly handling the conditions that may cause crashes. Credit to OUSPG from the University of Oulu, NISCC, and CERT-FI for coordinating and reporting this issue.
LibSystem CVE-ID: CVE-2005-3706 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Attackers may cause crashes or arbitrary code execution depending upon the application Description: An attacker able to cause an application to make requests for large amounts of memory may also be able to trigger a heap buffer overflow. This could cause the targeted application to crash or execute arbitrary code. This update addresses the issue by correctly handling these memory requests. This issue does not affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue.
Mail CVE-ID: CVE-2006-0395 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Download Validation fails to warn about unsafe file types Description: In Mac OS X v10.4 Tiger, when an email attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not "safe". Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments.
perl CVE-ID: CVE-2005-4217 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: Perl programs may fail to drop privileges Description: When a perl program running as root attempts to switch to another user ID, the operation may fail without notification to the program. This may cause a program to continue to run with root privileges, assuming they have been dropped. This can cause security issues in third-party tools. This update addresses the issue by preventing such applications from continuing if the operation fails. This issue does not affect Mac OS X v10.4 or later systems. Credit to Jason Self for reporting this issue.
rsync CVE-ID: CVE-2005-3712 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Authenticated users may cause an rsync server to crash or execute arbitrary code Description: A heap-based buffer overflow may be triggered when the rsync server is used with the flag that allows extended attributes to be transferred. It may be possible for a malicious user with access to an rsync server to cause denial of service or code execution. This update addresses the problem by ensuring that the destination buffer is large enough to hold the extended attributes. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jan-Derk Bakker for reporting this issue.
Safari CVE-ID: CVE-2005-4504 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a maliciously-crafted web page may result in arbitrary code execution Description: A heap-based buffer overflow in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or execute arbitrary code as the user viewing the site. This update addresses the issue by preventing the condition causing the overflow. Credit to Suresec LTD for reporting this issue.
Safari CVE-ID: CVE-2006-0387 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a malicious web page may cause arbitrary code execution Description: By preparing a web page including specially-crafted JavaScript, an attacker may trigger a stack buffer overflow that could lead to arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional bounds checking. An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions. This update addresses the issue by preventing cross-domain HTTP redirects. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts.
Syndication CVE-ID: CVE-2006-0389 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Subscriptions to malicious RSS content can lead to cross-site scripting Description: Syndication (Safari RSS) may allow JavaScript code embedded in feeds to run within the context of the RSS reader document, allowing malicious feeds to circumvent Safari's security model. This update addresses the issue by properly removing JavaScript code from feeds. Syndication is only available in Mac OS X v10.4 and later.
The following security enhancements are also included in this update:
FileVault: AES-128 encrypted FileVault disk images are now created with more restrictive operating system permissions. Credit to Eric Hall of DarkArt Consulting Services for reporting this issue.
iChat: A malicious application named Leap.A that attempts to propagate using iChat has been detected.
Users should use caution when opening files that are obtained from the network. Further information is available via: http://docs.info.apple.com/article.html?artnum=108009
Security Update 2006-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5 The download file is named: "SecUpd2006-001Ti.dmg" Its SHA-1 digest is: 999b73a54951b4e0a7f873fecf75f92840e8b439
For Mac OS X v10.4.5 (Intel) The download file is named: "SecUpd2006-001Intel.dmg" Its SHA-1 digest is: 473f94264876fa49fa15a8b6bb4bc30956502ad5
For Mac OS X v10.3.9 The download file is named: "SecUpd2006-001Pan.dmg" Its SHA-1 digest is: b6a000d451a1b1696726ff60142fc3da08042433
For Mac OS X Server v10.3.9 The download file is named: "SecUpdSrvr2006-001Pan.dmg" Its SHA-1 digest is: 2299380d72a61eadcbd0a5c6f46c924600ff5a9c
Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050)
iQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe cmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4 i8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI 9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus SkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j TQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw== =1Ww0 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0633",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.9"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.9"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
}
],
"sources": [
{
"db": "BID",
"id": "16907"
},
{
"db": "BID",
"id": "16910"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "St\u00e9phane Kardas",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2713",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "VHN-13922",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2713",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-801",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-13922",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13922"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option. \nApple has also released updates to address these issues. Apple Mac OS X \u0027passwd\u0027 creates temporary files in an insecure manner. This could allow a local attacker to elevate their privileges. \nThese issues were originally described in BID 16907 Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities. \nMore information is available at the following link:\n\n http://www.apple.com/macosx/\n\nII. \n\nThe /usr/bin/passwd binary is a setuid application which allows users to\nchange their password. There are two related vulnerabilities. The passwd binary does not check that the user has\npermissions to create a file in the location specified and does not set\nthe created file permissions. By setting the file creation mask to 0 a\nuser can create arbitrary files owned by root, with permissions which\nallow any user to change the contents. \n\nThe second vulnerability exists in the insecure creation of temporary\nfiles with predictable names. The temporary filename created by the\nprocess is in the form /tmp/.pwtmp.\u003cpid\u003e where \u003cpid\u003e is the process id\nof the passwd process. By creating a symbolic link to the target file,\nand then changing the password, it is possible to put controllable\ncontents into the target file. \n\nIII. \n\nIn the case of the first vulnerability, a new file could be created in\nthe /etc directory, such as etc/rc.local_tuning, which is sourced if it\nexists during the system start up process as the root user. \n\nThe second vulnerability would allow an attacker overwrite a file with\nuser controlled contents. This can be leveraged to provide privilege\nescalation by, for example, creating a new /etc/sudoers file. \n\nIV. \n\nV. WORKAROUND\n\nRemove the setuid bit from the /usr/bin/passwd binary by executing the\nfollowing command as root:\n\n chmod -s /usr/bin/passwd\n\nThis workaround will prevent non-root users from being able to change\ntheir password. \n\nVI. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nfollowing names to these issues:\n\n CVE-2005-2713 - passwd file creation and permissions\n\n CVE-2005-2714 - temporary file symlink problem\n\nVIII. DISCLOSURE TIMELINE\n\n08/23/2005 Initial vendor notification\n08/27/2005 Initial vendor response\n03/02/2006 Coordinated public disclosure\n\nIX. CREDIT\n\nDiscovery of these vulnerabilities are credited to vade79. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2006 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mail Command Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA27785\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27785/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nA vulnerability has been reported in Apple Mail, which can be\nexploited by malicious people to compromise a user\u0027s system. This can be exploited via a specially\ncrafted email containing an attachment of an ostensibly safe file type\n(e.g. \".jpg\") to execute arbitrary shell commands when the attachment\nis double-clicked. \n\nSOLUTION:\nDo not open attachments from untrusted sources. \n\nORIGINAL ADVISORY:\nhttp://www.heise-security.co.uk/news/99257\n\nOTHER REFERENCES:\nSA19064:\nhttp://secunia.com/advisories/19064/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Details of the fixes are\navailable via the PHP web site (www.php.net). PHP ships with Mac OS\nX but is disabled by default. This\ncould cause the systems to become unresponsive, or possibly allow\narbitrary code delivered from the file servers to run on the target\nsystem. \n\nBOM\nCVE-ID: CVE-2006-0391\nAvailable for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X\nv10.4.5, Mac OS X Server v10.4.5\nImpact: Directory traversal may occur while unpacking archives with\nBOM\nDescription: The BOM framework handles the unpacking of certain\ntypes of archives. This framework is vulnerable to a directory\ntraversal attack that can allow archived files to be unpacked into\narbitrary locations that are writable by the current user. This\nupdate addresses the issue by properly sanitizing those paths. \nCredit to Stephane Kardas of CERTA for reporting this issue. This could lead to privilege elevation. This update\naddresses the issue by anticipating a hostile environment and by\ncreating temporary files securely. Credit to Ilja van Sprundel of\nSuresec LTD, vade79, and iDefense (idefense.com) for reporting this\nissue. This update secures the method in\nwhich a FileVault image is created. This update addresses the issues by\ncorrectly handling the conditions that may cause crashes. Credit to\nOUSPG from the University of Oulu, NISCC, and CERT-FI for\ncoordinating and reporting this issue. \n\nLibSystem\nCVE-ID: CVE-2005-3706\nAvailable for: Mac OS X v10.4.5, Mac OS X Server v10.4.5\nImpact: Attackers may cause crashes or arbitrary code execution\ndepending upon the application\nDescription: An attacker able to cause an application to make\nrequests for large amounts of memory may also be able to trigger a\nheap buffer overflow. This could cause the targeted application to\ncrash or execute arbitrary code. This update addresses the issue by\ncorrectly handling these memory requests. This issue does not\naffect systems prior to Mac OS X v10.4. Credit to Neil Archibald of\nSuresec LTD for reporting this issue. \n\nMail\nCVE-ID: CVE-2006-0395\nAvailable for: Mac OS X v10.4.5, Mac OS X Server v10.4.5\nImpact: Download Validation fails to warn about unsafe file types\nDescription: In Mac OS X v10.4 Tiger, when an email attachment is\ndouble-clicked in Mail, Download Validation is used to warn the\nuser if the file type is not \"safe\". Certain techniques can be used\nto disguise the file\u0027s type so that Download Validation is\nbypassed. This update addresses the issue by presenting Download\nValidation with the entire file, providing more information for\nDownload Validation to detect unknown or unsafe file types in\nattachments. \n\nperl\nCVE-ID: CVE-2005-4217\nAvailable for: Mac OS X v10.3.9, Mac OS X Server v10.3.9\nImpact: Perl programs may fail to drop privileges\nDescription: When a perl program running as root attempts to switch\nto another user ID, the operation may fail without notification to\nthe program. This may cause a program to continue to run with root\nprivileges, assuming they have been dropped. This can cause\nsecurity issues in third-party tools. This update addresses the\nissue by preventing such applications from continuing if the\noperation fails. This issue does not affect Mac OS X v10.4 or later\nsystems. Credit to Jason Self for reporting this issue. \n\nrsync\nCVE-ID: CVE-2005-3712\nAvailable for: Mac OS X v10.4.5, Mac OS X Server v10.4.5\nImpact: Authenticated users may cause an rsync server to crash or\nexecute arbitrary code\nDescription: A heap-based buffer overflow may be triggered when the\nrsync server is used with the flag that allows extended attributes\nto be transferred. It may be possible for a malicious user with\naccess to an rsync server to cause denial of service or code\nexecution. This update addresses the problem by ensuring that the\ndestination buffer is large enough to hold the extended attributes. \nThis issue does not affect systems prior to Mac OS X v10.4. Credit\nto Jan-Derk Bakker for reporting this issue. \n\nSafari\nCVE-ID: CVE-2005-4504\nAvailable for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X\nv10.4.5, Mac OS X Server v10.4.5\nImpact: Viewing a maliciously-crafted web page may result in\narbitrary code execution\nDescription: A heap-based buffer overflow in WebKit\u0027s handling of\ncertain HTML could allow a malicious web site to cause a crash or\nexecute arbitrary code as the user viewing the site. This update\naddresses the issue by preventing the condition causing the\noverflow. Credit to Suresec LTD for reporting this issue. \n\nSafari\nCVE-ID: CVE-2006-0387\nAvailable for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X\nv10.4.5, Mac OS X Server v10.4.5\nImpact: Viewing a malicious web page may cause arbitrary code\nexecution\nDescription: By preparing a web page including specially-crafted\nJavaScript, an attacker may trigger a stack buffer overflow that\ncould lead to arbitrary code execution with the privileges of the\nuser. This update addresses the issue by performing additional\nbounds checking. An issue involving HTTP\nredirection can cause the browser to access a local file, bypassing\ncertain restrictions. This update addresses the issue by preventing\ncross-domain HTTP redirects. When the \"Open `safe\u0027 files after downloading\" option\nis enabled in Safari\u0027s General preferences, visiting a malicious\nweb site may result in the automatic download and execution of such\na file. A proof-of-concept has been detected on public web sites\nthat demonstrates the automatic execution of shell scripts. \n\nSyndication\nCVE-ID: CVE-2006-0389\nAvailable for: Mac OS X v10.4.5, Mac OS X Server v10.4.5\nImpact: Subscriptions to malicious RSS content can lead to\ncross-site scripting\nDescription: Syndication (Safari RSS) may allow JavaScript code\nembedded in feeds to run within the context of the RSS reader\ndocument, allowing malicious feeds to circumvent Safari\u0027s security\nmodel. This update addresses the issue by properly removing\nJavaScript code from feeds. Syndication is only available in Mac OS\nX v10.4 and later. \n\nThe following security enhancements are also included in this update:\n\nFileVault: AES-128 encrypted FileVault disk images are now created\nwith more restrictive operating system permissions. Credit to Eric\nHall of DarkArt Consulting Services for reporting this issue. \n\niChat: A malicious application named Leap.A that attempts to\npropagate using iChat has been detected. \n\nUsers should use caution when opening files that are obtained from\nthe network. Further information is available via:\nhttp://docs.info.apple.com/article.html?artnum=108009\n\nSecurity Update 2006-001 may be obtained from the Software Update\npane in System Preferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5\nThe download file is named: \"SecUpd2006-001Ti.dmg\"\nIts SHA-1 digest is: 999b73a54951b4e0a7f873fecf75f92840e8b439\n\nFor Mac OS X v10.4.5 (Intel)\nThe download file is named: \"SecUpd2006-001Intel.dmg\"\nIts SHA-1 digest is: 473f94264876fa49fa15a8b6bb4bc30956502ad5\n\nFor Mac OS X v10.3.9\nThe download file is named: \"SecUpd2006-001Pan.dmg\"\nIts SHA-1 digest is: b6a000d451a1b1696726ff60142fc3da08042433\n\nFor Mac OS X Server v10.3.9\nThe download file is named: \"SecUpdSrvr2006-001Pan.dmg\"\nIts SHA-1 digest is: 2299380d72a61eadcbd0a5c6f46c924600ff5a9c\n\nInformation will also be posted to the Apple Product Security\nweb site:\nhttp://docs.info.apple.com/article.html?artnum=61798\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttp://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.0.5 (Build 5050)\n\niQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe\ncmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4\ni8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI\n9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus\nSkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j\nTQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw==\n=1Ww0\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2713"
},
{
"db": "BID",
"id": "16907"
},
{
"db": "BID",
"id": "16910"
},
{
"db": "VULHUB",
"id": "VHN-13922"
},
{
"db": "PACKETSTORM",
"id": "44339"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44321"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-13922",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13922"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2713",
"trust": 2.5
},
{
"db": "BID",
"id": "16910",
"trust": 2.0
},
{
"db": "BID",
"id": "16907",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "23646",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "19064",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA06-062A",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0791",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "8546",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8245",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8546\u203b8245\u203b8361\u203b8246",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8246",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8361",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20060302 APPLE MAC OS X PASSWD ARBITRARY BINARY FILE CREATION/MODIFICATION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060302 [OSX]: /USR/BIN/PASSWD LOCAL ROOT EXPLOIT.",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-062A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-03-01",
"trust": 0.6
},
{
"db": "XF",
"id": "25272",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "44339",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "1545",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-13922",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "27785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61082",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "44321",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13922"
},
{
"db": "BID",
"id": "16907"
},
{
"db": "BID",
"id": "16910"
},
{
"db": "PACKETSTORM",
"id": "44339"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44321"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"id": "VAR-200512-0633",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13922"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:45:01.566000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16907"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16910"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=303382"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/23646"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19064"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426535/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0791"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25272"
},
{
"trust": 0.7,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0791"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426535/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25272"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8546\u203b8245\u203b8361\u203b8246"
},
{
"trust": 0.3,
"url": "http://www.suresec.org/advisories/adv11.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/426586"
},
{
"trust": 0.3,
"url": "/archive/1/426651"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2713"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2714"
},
{
"trust": 0.2,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27785/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://www.heise-security.co.uk/news/99257"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19064/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3712"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0395"
},
{
"trust": 0.1,
"url": "https://www.php.net)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3353"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0388"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=108009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3392"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13922"
},
{
"db": "BID",
"id": "16907"
},
{
"db": "BID",
"id": "16910"
},
{
"db": "PACKETSTORM",
"id": "44339"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44321"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13922"
},
{
"db": "BID",
"id": "16907"
},
{
"db": "BID",
"id": "16910"
},
{
"db": "PACKETSTORM",
"id": "44339"
},
{
"db": "PACKETSTORM",
"id": "61082"
},
{
"db": "PACKETSTORM",
"id": "44321"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-13922"
},
{
"date": "2006-03-01T00:00:00",
"db": "BID",
"id": "16907"
},
{
"date": "2006-03-01T00:00:00",
"db": "BID",
"id": "16910"
},
{
"date": "2006-03-03T10:19:50",
"db": "PACKETSTORM",
"id": "44339"
},
{
"date": "2007-11-26T16:56:43",
"db": "PACKETSTORM",
"id": "61082"
},
{
"date": "2006-03-03T08:09:05",
"db": "PACKETSTORM",
"id": "44321"
},
{
"date": "2005-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-13922"
},
{
"date": "2006-04-11T19:02:00",
"db": "BID",
"id": "16907"
},
{
"date": "2006-03-03T06:51:00",
"db": "BID",
"id": "16910"
},
{
"date": "2006-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-801"
},
{
"date": "2018-10-19T15:33:25.743000",
"db": "NVD",
"id": "CVE-2005-2713"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "16910"
},
{
"db": "PACKETSTORM",
"id": "44339"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple MacOS X BOMArchiveHelper Directory traversal vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-801"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.