Vulnerabilities > CVE-2004-0485 - Unspecified vulnerability in Apple mac OS X 10.2.8/10.3.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_VERSION.NASL description The version of Mac OS X on the remote system is unsupported, and therefore unable to receive the latest security updates from Apple. last seen 2016-09-26 modified 2015-09-24 plugin id 12521 published 2004-07-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12521 title MacOS X Version Unsupported code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # Disabled on 2014/07/06. Deprecated by unsupported_operating_system.nasl. # # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(12521); script_version("1.28"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2004-0743", "CVE-2004-0744", "CVE-2004-0485"); script_bugtraq_id(10904, 10406, 10401, 10400); script_name(english:"MacOS X Version Unsupported"); script_summary(english:"Check for the version of MacOS X"); script_set_attribute(attribute:"synopsis", value:"The remote host is using an unsupported version of Mac OS X."); script_set_attribute(attribute:"description", value: "The version of Mac OS X on the remote system is unsupported, and therefore unable to receive the latest security updates from Apple."); script_set_attribute(attribute:"solution", value:"Upgrade to an up-to-date version of Mac OS X."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"unsupported_by_vendor", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("os_fingerprint.nasl", "ssh_get_info.nasl"); script_require_keys("Host/OS"); exit(0); } # Deprecated. exit(0, "This plugin has been deprecated. Use plugin #33850 (unsupported_operating_system.nasl) instead."); # os = get_kb_item("Host/MacOSX/Version"); if ( ! os ) os = get_kb_item("Host/OS"); if ( ! os ) exit(0, "The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing."); if ( os && "Mac OS X" >< os ) { version = os - "Mac OS X "; set_kb_item(name:"Host/MacOSX", value: os); if ( ereg(pattern:"Mac OS X 10\.1\.", string:os )) { report = " The remote host is running Mac OS X 10.1. This version is not supported by Apple any more, you should upgrade the remote host to the latest version of Mac OS X. "; if ( ereg(pattern:"Mac OS X 10\.1\.[0-4]", string:os )) { report += " In addition to this, the remote host should at least be upgraded to MacOS 10.1.5 using 'softwareupdate', as it is the last supported version of the system. "; } if (defined_func("report_xml_tag")) { report_xml_tag(tag:"operating-system-unsupported", value:"true"); report_xml_tag(tag:"UnsupportedProduct:apple:mac_os_x:"+version, value:"true"); } security_hole(port:0, extra:report); } if ( ereg(pattern:"Mac OS X 10\.2\.", string:os )) { report = " The remote host is running Mac OS X 10.2. This version is not supported by Apple any more, you should upgrade the remote host to the latest version of Mac OS X. "; if ( ereg(pattern:"Mac OS X 10\.2\.[0-7]", string:os )) { report += " In addition to this, the remote host should at least be upgraded to MacOS 10.2.8 using 'softwareupdate', as it is the last supported version of the system. "; } if (defined_func("report_xml_tag")) { report_xml_tag(tag:"operating-system-unsupported", value:"true"); report_xml_tag(tag:"UnsupportedProduct:apple:mac_os_x:"+version, value:"true"); } security_hole(port:0, extra:report); } if ( ereg(pattern:"Mac OS X 10\.([3-9]|2\.8)", string:os ) ) { set_kb_item(name:"CVE-2003-0542", value:TRUE); set_kb_item(name:"CVE-2003-0543", value:TRUE); set_kb_item(name:"CVE-2003-0544", value:TRUE); set_kb_item(name:"CVE-2003-0545", value:TRUE); } if ( ereg(pattern:"Mac OS X 10\.3\.[0-8]", string:os )) { report = " The remote host is running a version of Mac OS X 10.3 which is older than version 10.3.9. Apple's newest security updates require Mac OS X 10.3.9 to be applied properly. The remote host should be upgraded to this version as soon as possible. "; if (defined_func("report_xml_tag")) { report_xml_tag(tag:"operating-system-unsupported", value:"true"); report_xml_tag(tag:"UnsupportedProduct:apple:mac_os_x:"+version, value:"true"); } security_hole(port:0, extra:report); } if ( ereg(pattern:"Mac OS X 10\.(3\.[3-9]|[4-9])", string:os )) { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); } if ( ereg(pattern:"Mac OS X 10\.(3\.[4-9]|[4-9])", string:os)) { set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); set_kb_item(name:"CVE-2004-0079", value:TRUE); set_kb_item(name:"CVE-2004-0081", value:TRUE); set_kb_item(name:"CVE-2004-0112", value:TRUE); } if ( ereg(pattern:"Mac OS X 10\.(3\.[5-9]|[4-9])", string:os)) { set_kb_item(name:"CVE-2002-1363", value:TRUE); set_kb_item(name:"CVE-2004-0421", value:TRUE); set_kb_item(name:"CVE-2004-0597", value:TRUE); set_kb_item(name:"CVE-2004-0598", value:TRUE); set_kb_item(name:"CVE-2004-0599", value:TRUE); set_kb_item(name:"CVE-2004-0743", value:TRUE); set_kb_item(name:"CVE-2004-0744", value:TRUE); } if ( ereg(pattern:"Mac OS X 10\.(3\.[7-9]|[4-9])", string:os)) { set_kb_item(name:"CVE-2004-1082", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); set_kb_item(name:"CVE-2003-0987", value:TRUE); set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2004-0488", value:TRUE); set_kb_item(name:"CVE-2004-0492", value:TRUE); set_kb_item(name:"CVE-2004-0885", value:TRUE); set_kb_item(name:"CVE-2004-0940", value:TRUE); set_kb_item(name:"CVE-2004-1083", value:TRUE); set_kb_item(name:"CVE-2004-1084", value:TRUE); set_kb_item(name:"CVE-2004-0747", value:TRUE); set_kb_item(name:"CVE-2004-0786", value:TRUE); set_kb_item(name:"CVE-2004-0751", value:TRUE); set_kb_item(name:"CVE-2004-0748", value:TRUE); set_kb_item(name:"CVE-2004-1081", value:TRUE); set_kb_item(name:"CVE-2004-0803", value:TRUE); set_kb_item(name:"CVE-2004-0804", value:TRUE); set_kb_item(name:"CVE-2004-0886", value:TRUE); set_kb_item(name:"CVE-2004-1089", value:TRUE); set_kb_item(name:"CVE-2004-1085", value:TRUE); set_kb_item(name:"CVE-2004-0642", value:TRUE); set_kb_item(name:"CVE-2004-0643", value:TRUE); set_kb_item(name:"CVE-2004-0644", value:TRUE); set_kb_item(name:"CVE-2004-0772", value:TRUE); set_kb_item(name:"CVE-2004-1088", value:TRUE); set_kb_item(name:"CVE-2004-1086", value:TRUE); set_kb_item(name:"CVE-2004-1123", value:TRUE); set_kb_item(name:"CVE-2004-1121", value:TRUE); set_kb_item(name:"CVE-2004-1122", value:TRUE); set_kb_item(name:"CVE-2004-1087", value:TRUE); } }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040524.NASL description The remote host is missing Security Update 2004-05-24. This security update includes fixes for the following components : HelpViewer Terminal This update fixes security issues that could allow an attacker to execute arbitrary commands on the remote host by exploiting a flaw in Safari and the components listed above. A remote attacker could exploit this flaw by tricking a user into visiting a malicious website. last seen 2020-06-01 modified 2020-06-02 plugin id 12519 published 2004-07-06 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12519 title Mac OS X Multiple Vulnerabilities (Security Update 2004-05-24) code # # (C) Tenable Network Security, Inc. # # URLs dead #"macosx_SecUpd20040503.nasl" #http://www.apple.com/downloads/macosx/apple/securityupdate__2004-05-24_(10_3_3).html #http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-24_(10_2_8).html if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(12519); script_version ("1.13"); script_cve_id("CVE-2004-0485", "CVE-2004-0486"); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-05-24)"); script_summary(english:"Check for Security Update 2004-05-24"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute( attribute:"description", value: "The remote host is missing Security Update 2004-05-24. This security update includes fixes for the following components : HelpViewer Terminal This update fixes security issues that could allow an attacker to execute arbitrary commands on the remote host by exploiting a flaw in Safari and the components listed above. A remote attacker could exploit this flaw by tricking a user into visiting a malicious website." ); # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646? script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?210abeb5" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2004-05-24." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/14"); script_set_attribute(attribute:"patch_publication_date", value: "2004/05/21"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.2.8 and 10.3.3 only if ( egrep(pattern:"Darwin.* (6\.8\.|7\.3\.)", string:uname) ) { if ( ! egrep(pattern:"^SecUpd2004-05-24", string:packages) ) security_warning(0); }NASL family MacOS X Local Security Checks NASL id MACOSX_MULTIPLE_VULNS.NASL description The remote host is running a version of Mac OS X that is older than 10.3.4. Such versions contain several flaws that may allow an attacker to execute arbitrary commands on the remote system with root privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 12257 published 2004-06-01 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12257 title Mac OS X < 10.3.4 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(12257); script_version("1.27"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2004-0171", "CVE-2004-0430", "CVE-2004-0485", "CVE-2004-0513", "CVE-2004-0514", "CVE-2004-0515", "CVE-2004-0516", "CVE-2004-0517", "CVE-2004-0518"); script_bugtraq_id(10268, 10271, 10432); script_name(english:"Mac OS X < 10.3.4 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X that is older than 10.3.4. Such versions contain several flaws that may allow an attacker to execute arbitrary commands on the remote system with root privileges." ); # nb: http://docs.info.apple.com/article.html?artnum=300667 redirects to http://support.apple.com/kb/HT1646 script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT1646" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2004/May/msg00005.html" ); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.3.4 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'AppleFileServer LoginExt PathName Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/06/01"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/03"); script_set_attribute(attribute:"patch_publication_date", value: "2004/05/28"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_end_attributes(); script_summary(english:"Various flaws in MacOS X"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("os_fingerprint.nasl"); script_require_keys("Host/OS"); exit(0); } # # The Operating system is actually very detailed, because we can read # its exact version using NTP or RendezVous os = get_kb_item("Host/OS"); if ( ! os || "Mac OS X" >!< os ) exit(0); if ( egrep(pattern:"Mac OS X 10\.([01]\.|3\.[0-3])", string:os) ) security_hole(0);