Vulnerabilities > CVE-2003-1006 - Local Buffer Overflow vulnerability in MacOSX CD9660.Util Probe For Mounting Argument

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
apple
nessus
exploit available

Summary

Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.

Exploit-Db

descriptionMacOSX 10 CD9660.Util Probe For Mounting Argument Local Buffer Overflow Vulnerability. CVE-2003-1006. Dos exploit for osx platform
idEDB-ID:23442
last seen2016-02-02
modified2003-12-15
published2003-12-15
reporterMax
sourcehttps://www.exploit-db.com/download/23442/
titleMacOSX 10 CD9660.Util Probe For Mounting Argument Local Buffer Overflow Vulnerability

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idAPPLE-SA-2004-08-09.NASL
    descriptionThe remote Mac OS X host is missing Security Update 2003-12-19. Mac OS X contains a flaw that may allow a malicious user with local access to gain root access. The issue is triggered when the Ctrl and c keys are pressed on the connected USB keyboard during boot and thus interrupting the system initialization. It is possible that the flaw may allow root access resulting in a loss of integrity.
    last seen2020-06-01
    modified2020-06-02
    plugin id14251
    published2004-08-10
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14251
    titleApple Mac OS X USB Keyboard Ctrl Key Root Access (Apple SA 2003-12-19)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(14251);
     script_version("1.18");
     script_cvs_date("Date: 2018/06/27 18:42:25");
    
     script_cve_id("CVE-2003-1011");
     script_bugtraq_id(8945);
     script_xref(name:"Secunia", value:"10474");
     
     script_name(english:"Apple Mac OS X USB Keyboard Ctrl Key Root Access (Apple SA 2003-12-19)");
     script_summary(english:"Checks for Security Update 2003-12-19");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is affected by a local privilege escalation
    vulnerability." );
     script_set_attribute(attribute:"description", value:
    "The remote Mac OS X host is missing Security Update 2003-12-19.
    
    Mac OS X contains a flaw that may allow a malicious user 
    with local access to gain root access. 
    
    The issue is triggered when the Ctrl and c keys are pressed 
    on the connected USB keyboard during boot and thus interrupting 
    the system initialization. 
    
    It is possible that the flaw may allow root access resulting 
    in a loss of integrity." );
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=61798" );
     script_set_attribute(attribute:"solution", value:
    "Apply Mac OS X security update 2003-12-19." );
     script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/10");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/12/19");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe",value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # MacOS X 10.2.8 and 10.3.2 only
    if ( egrep(pattern:"Darwin.* (6\.8\.|7\.2\.)", string:uname) )
    {
      if ( ! egrep(pattern:"^SecUpd2003-12-19", string:packages) ) 
      {
    	security_hole(0);
      }
      else
      {
      	#all can fixes with this security updates
    	#set_kb_item(name:"CVE-2003-1007", value:TRUE);
      	#set_kb_item(name:"CVE-2003-1006", value:TRUE);
      	#set_kb_item(name:"CVE-2003-1009", value:TRUE);
      	#set_kb_item(name:"CVE-2003-0792", value:TRUE);
      	#set_kb_item(name:"CVE-2003-1010", value:TRUE);
      	#set_kb_item(name:"CVE-2003-0962", value:TRUE);
      	#set_kb_item(name:"CVE-2003-1005", value:TRUE);
      	#set_kb_item(name:"CVE-2003-1008", value:TRUE);
    	set_kb_item(name:"CVE-2003-1011", value:TRUE);
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20031219.NASL
    descriptionThe remote host is missing Security Update 2003-12-19. This security update includes the following components : - AFP Server - cd9600.util - Directory Services - fetchmail - fs_usage - rsync - System Initialization For MacOS X 10.3, it also includes : - ASN.1 Decoding for PKI This update contains various fixes which may allow an attacker to execute arbitrary code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id12516
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/12516
    titleMac OS X Multiple Vulnerabilities (Security Update 2003-12-19)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(12516);
     script_version ("1.17");
     script_cve_id("CVE-2003-1007", "CVE-2003-1008", "CVE-2003-1010", "CVE-2003-1011",
                   "CVE-2003-1006", "CVE-2003-0962", "CVE-2003-1009", "CVE-2003-0851", "CVE-2003-0792");
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2003-12-19)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X security update." );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing Security Update 2003-12-19.
    
    This security update includes the following components :
    
     - AFP Server
     - cd9600.util
     - Directory Services
     - fetchmail
     - fs_usage
     - rsync
     - System Initialization
    
    For MacOS X 10.3, it also includes :
    
     - ASN.1 Decoding for PKI
    
    This update contains various fixes which may allow an attacker to execute
    arbitrary code on the remote host." );
     # http://web.archive.org/web/20060418210647/http://docs.info.apple.com/article.html?artnum=120291
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?44c2938e");
     script_set_attribute(attribute:"solution", value:
    "Install security update 2003-12-19. For more information,
    see http://support.apple.com/kb/HT1646." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/20");
     script_set_attribute(attribute:"patch_publication_date", value: "2003/12/19");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
    script_end_attributes();
    
     script_summary(english:"Check for Security Update 2003-12-19");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    #
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    
    # Security Update 2004-05-03 actually includes this update for MacOS X 10.2.8 Client
    if ( egrep(pattern:"Darwin.* 6\.8\.", string:uname) )
    {
     if ( egrep(pattern:"^SecUpd2004-05-03", string:packages) ) exit(0);
    }
    
    
    
    # MacOS X 10.2.8 and 10.3.3 only
    if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[12]\.)", string:uname) )
    {
      if ( ! egrep(pattern:"^SecurityUpd2003-12-19", string:packages) ) security_hole(0);
    }