Vulnerabilities > CVE-2003-1006 - Local Buffer Overflow vulnerability in MacOSX CD9660.Util Probe For Mounting Argument
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
Vulnerable Configurations
Exploit-Db
description | MacOSX 10 CD9660.Util Probe For Mounting Argument Local Buffer Overflow Vulnerability. CVE-2003-1006. DoS exploit for osx platform |
id | EDB-ID:23442 |
last seen | 2016-02-02 |
modified | 2003-12-15 |
published | 2003-12-15 |
reporter | Max |
source | https://www.exploit-db.com/download/23442/ |
title | MacOSX 10 CD9660.Util Probe For Mounting Argument Local Buffer Overflow Vulnerability |
Nessus
# Plugin metadata as listed on the page:
#   NASL family : MacOS X Local Security Checks
#   NASL id     : APPLE-SA-2004-08-09.NASL
#   description : The remote Mac OS X host is missing Security Update 2003-12-19. Mac OS X contains a flaw that may allow a malicious user with local access to gain root access. The issue is triggered when the Ctrl and c keys are pressed on the connected USB keyboard during boot and thus interrupting the system initialization. It is possible that the flaw may allow root access resulting in a loss of integrity.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 14251
#   published   : 2004-08-10
#   reporter    : This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/14251
#   title       : Apple Mac OS X USB Keyboard Ctrl Key Root Access (Apple SA 2003-12-19)
#
# Purpose: local patch-presence check. On hosts whose uname matches the
# targeted Darwin kernels, the script reports a finding when the installed
# package list has no entry for Security Update 2003-12-19.
#
# Scope note: script_cve_id() registers only CVE-2003-1011. CVE-2003-1006
# appears solely in a commented-out set_kb_item() line in the else branch,
# so this plugin does not itself report CVE-2003-1006; it is presumably listed
# on this page because both issues are addressed by the same update.
#
# code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata registration: when `description` is set the script only registers
# its attributes and exits without touching the target.
if (description)
{
 script_id(14251);
 script_version("1.18");
 script_cvs_date("Date: 2018/06/27 18:42:25");

 script_cve_id("CVE-2003-1011");
 script_bugtraq_id(8945);
 script_xref(name:"Secunia", value:"10474");

 script_name(english:"Apple Mac OS X USB Keyboard Ctrl Key Root Access (Apple SA 2003-12-19)");
 script_summary(english:"Checks for Security Update 2003-12-19");

 script_set_attribute(attribute:"synopsis", value: "The remote host is affected by a local privilege escalation vulnerability." );
 script_set_attribute(attribute:"description", value: "The remote Mac OS X host is missing Security Update 2003-12-19. Mac OS X contains a flaw that may allow a malicious user with local access to gain root access. The issue is triggered when the Ctrl and c keys are pressed on the connected USB keyboard during boot and thus interrupting the system initialization. It is possible that the flaw may allow root access resulting in a loss of integrity." );
 script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=61798" );
 script_set_attribute(attribute:"solution", value: "Apply Mac OS X security update 2003-12-19." );

 # Same base vector the page shows for CVE-2003-1006: local access, low
 # complexity, no authentication, complete C/I/A impact.
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 # These exploitability attributes describe the issue this plugin registers
 # (CVE-2003-1011), not the other CVEs fixed by the same update.
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/10");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/12/19");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe",value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 # presumably ssh_get_info.nasl is what populates the KB items read below -- confirm
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

# Installed-package list collected earlier in the scan; without it there is
# nothing to compare against, so the check exits silently.
packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

# NOTE(review): Host/uname is not listed in script_require_keys and is not
# checked for NULL before use -- confirm egrep() treats a missing value as
# "no match" so such hosts are skipped rather than misreported.
uname = get_kb_item("Host/uname");

# MacOS X 10.2.8 and 10.3.2 only (Darwin 6.8.x and 7.2.x kernels)
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.2\.)", string:uname) )
{
 # NOTE(review): the other plugin on this page (id 12516) looks for
 # "^SecurityUpd2003-12-19", while this one looks for "^SecUpd2003-12-19".
 # Because the test is negated, a wrong prefix would flag every matching host
 # as unpatched -- confirm which receipt name the update actually installs.
 # NOTE(review): plugin 12516 also accepts SecUpd2004-05-03 as superseding
 # this update on 10.2.8; no such allowance is made here.
 if ( ! egrep(pattern:"^SecUpd2003-12-19", string:packages) )
 {
  # Update receipt not found: report the finding.
  security_hole(0);
 }
 else
 {
  # All of the following are fixed by this security update. Only the
  # CVE-2003-1011 KB flag is actually set; the rest are left disabled.
  #set_kb_item(name:"CVE-2003-1007", value:TRUE);
  #set_kb_item(name:"CVE-2003-1006", value:TRUE);
  #set_kb_item(name:"CVE-2003-1009", value:TRUE);
  #set_kb_item(name:"CVE-2003-0792", value:TRUE);
  #set_kb_item(name:"CVE-2003-1010", value:TRUE);
  #set_kb_item(name:"CVE-2003-0962", value:TRUE);
  #set_kb_item(name:"CVE-2003-1005", value:TRUE);
  #set_kb_item(name:"CVE-2003-1008", value:TRUE);
  set_kb_item(name:"CVE-2003-1011", value:TRUE);
 }
}
# Plugin metadata as listed on the page:
#   NASL family : MacOS X Local Security Checks
#   NASL id     : MACOSX_SECUPD20031219.NASL
#   description : The remote host is missing Security Update 2003-12-19. This security update includes the following components : - AFP Server - cd9600.util - Directory Services - fetchmail - fs_usage - rsync - System Initialization For MacOS X 10.3, it also includes : - ASN.1 Decoding for PKI This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 12516
#   published   : 2004-07-06
#   reporter    : This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/12516
#   title       : Mac OS X Multiple Vulnerabilities (Security Update 2003-12-19)
#
# Purpose: local patch-presence check for Security Update 2003-12-19. This is
# the plugin on the page that registers CVE-2003-1006 (cd9660.util) in
# script_cve_id(), together with eight other CVE identifiers fixed by the same
# update. A single finding therefore stands for the whole bundle.
#
# code
#
# (C) Tenable Network Security, Inc.
#

# Exit early on engines that do not provide bn_random(); presumably a
# minimum-engine-version gate -- confirm.
if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

# Metadata registration: when `description` is set the script only registers
# its attributes and exits without touching the target.
if(description)
{
 script_id(12516);
 script_version ("1.17");

 script_cve_id("CVE-2003-1007", "CVE-2003-1008", "CVE-2003-1010", "CVE-2003-1011", "CVE-2003-1006", "CVE-2003-0962", "CVE-2003-1009", "CVE-2003-0851", "CVE-2003-0792");

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2003-12-19)");

 script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X security update." );
 # NOTE(review): "cd9600.util" in the string below looks like a typo for
 # cd9660.util, the component named in this page's CVE summary. It is left
 # unchanged here because it is a runtime string of the published plugin.
 script_set_attribute(attribute:"description", value: "The remote host is missing Security Update 2003-12-19. This security update includes the following components : - AFP Server - cd9600.util - Directory Services - fetchmail - fs_usage - rsync - System Initialization For MacOS X 10.3, it also includes : - ASN.1 Decoding for PKI This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host." );
 # http://web.archive.org/web/20060418210647/http://docs.info.apple.com/article.html?artnum=120291
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?44c2938e");
 script_set_attribute(attribute:"solution", value: "Install security update 2003-12-19. For more information, see http://support.apple.com/kb/HT1646." );

 # The vector is network-based (AV:N) although the page rates CVE-2003-1006
 # as LOCAL; the plugin covers nine CVEs, so the vector presumably reflects
 # the most severe of them rather than the cd9660.util issue -- confirm.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 # Exploit-availability attributes are set once for the whole bundle; they do
 # not say which of the listed CVEs the framework entry applies to.
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/20");
 script_set_attribute(attribute:"patch_publication_date", value: "2003/12/19");
 script_cvs_date("Date: 2018/07/14 1:59:35");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_summary(english:"Check for Security Update 2003-12-19");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 # presumably ssh_get_info.nasl is what populates the KB items read below -- confirm
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

#

# Installed-package list collected earlier in the scan; without it there is
# nothing to compare against, so the check exits silently.
packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

# NOTE(review): Host/uname is not listed in script_require_keys and is not
# checked for NULL before use -- confirm egrep() treats a missing value as
# "no match" so such hosts are skipped rather than misreported.
uname = get_kb_item("Host/uname");

# Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client,
# so a Darwin 6.8.x host carrying that later receipt is treated as patched.
if ( egrep(pattern:"Darwin.* 6\.8\.", string:uname) )
{
 if ( egrep(pattern:"^SecUpd2004-05-03", string:packages) ) exit(0);
}

# Targets Darwin 6.8.x, 7.1.x and 7.2.x kernels.
# NOTE(review): the original comment here read "MacOS X 10.2.8 and 10.3.3
# only", but the pattern accepts only 7.1 and 7.2 after the 6.8 branch, and
# the page summary gives 10.3.2 as the last affected release; "10.3.3" looks
# like a comment typo. Hosts on other kernels are never evaluated, so the
# absence of a finding there does not show the update is installed.
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[12]\.)", string:uname) )
{
 # NOTE(review): this check looks for "^SecurityUpd2003-12-19", while plugin
 # 14251 on this page looks for "^SecUpd2003-12-19" for the same update.
 # Because the test is negated, a wrong prefix would flag every matching host
 # as unpatched -- confirm which receipt name the update actually installs.
 if ( ! egrep(pattern:"^SecurityUpd2003-12-19", string:packages) ) security_hole(0);
}
References
- http://docs.info.apple.com/article.html?artnum=61798
- http://www.kb.cert.org/vuls/id/878526
- http://www.securityfocus.com/archive/1/347578
- http://www.securityfocus.com/archive/1/347707
- http://www.securityfocus.com/archive/1/348097
- http://www.securityfocus.com/bid/9228
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13995