Vulnerabilities > CVE-2004-1084 - Unspecified vulnerability in Apple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
nessus

Summary

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2005-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
    last seen2020-06-01
    modified2020-06-02
    plugin id19463
    published2005-08-18
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19463
    titleMac OS X Multiple Vulnerabilities (Security Update 2005-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(19463);
     script_version ("1.15");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    
     script_cve_id("CVE-2005-1344", "CVE-2004-0942", "CVE-2004-0885", "CVE-2004-1083", "CVE-2004-1084",
                   "CVE-2005-2501", "CVE-2005-2502", "CVE-2005-2503", "CVE-2005-2504", "CVE-2005-2505",
                   "CVE-2005-2506", "CVE-2005-2525", "CVE-2005-2526", "CVE-2005-2507", "CVE-2005-2508",
                   "CVE-2005-2519", "CVE-2005-2513", "CVE-2004-1189", "CVE-2005-1174", "CVE-2005-1175",
                   "CVE-2005-1689", "CVE-2005-2511", "CVE-2005-2509", "CVE-2005-2512", "CVE-2005-2745",
                   "CVE-2005-0709", "CVE-2005-0710", "CVE-2005-0711", "CVE-2004-0079", "CVE-2004-0112",
                   "CVE-2005-2514", "CVE-2005-2515", "CVE-2005-2516", "CVE-2005-2517", "CVE-2005-2524",
                   "CVE-2005-2520", "CVE-2005-2518", "CVE-2005-2510", "CVE-2005-1769", "CVE-2005-2095",
                   "CVE-2005-2521", "CVE-2005-2522", "CVE-2005-2523", "CVE-2005-0605", "CVE-2005-2096",
                   "CVE-2005-1849");
     script_bugtraq_id(14567, 14569);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-007)");
     script_summary(english:"Check for Security Update 2005-007");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
     script_set_attribute(attribute:"description",  value:
    "The remote host is running a version of Mac OS X 10.4 or 10.3 that
    does not have Security Update 2005-007 applied.
    
    This security update contains fixes for the following products :
    
      - Apache 2
      - AppKit
      - Bluetooth
      - CoreFoundation
      - CUPS
      - Directory Services
      - HItoolbox
      - Kerberos
      - loginwindow
      - Mail
      - MySQL
      - OpenSSL
      - QuartzComposerScreenSaver
      - ping
      - Safari
      - SecurityInterface
      - servermgrd
      - servermgr_ipfilter
      - SquirelMail
      - traceroute
      - WebKit
      - WebLog Server
      - X11
      - zlib" );
      # http://web.archive.org/web/20060406190355/http://docs.info.apple.com/article.html?artnum=302163
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.nessus.org/u?74ffa359"
      );
     script_set_attribute(attribute:"solution", value:
    "!Install Security Update 2005-007." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119);
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/18");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/12");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/08/12");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    #
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    
    uname = get_kb_item("Host/uname");
    # MacOS X 10.4.2
    if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.2\.)", string:uname) )
    {
      if (!egrep(pattern:"^SecUpd(Srvr)?2005-007", string:packages)) security_hole(0);
    }
    
  • NASL familyWeb Servers
    NASL idHFS_FORK_SOURCE.NASL
    descriptionThe remote host seems to be running Mac OS X or Mac OS X Server. There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the source code of remote scripts.
    last seen2020-06-01
    modified2020-06-02
    plugin id15927
    published2004-12-09
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15927
    titleApache on Mac OS X HFS+ Arbitrary File Source Disclosure
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(15927);
     script_version("1.27");
     script_cvs_date("Date: 2018/07/12 19:01:16");
    
     script_cve_id("CVE-2004-1083", "CVE-2004-1084");
     script_bugtraq_id(11802);
    
     script_name(english:"Apache on Mac OS X HFS+ Arbitrary File Source Disclosure");
     script_summary(english:"downloads the source of a remote script");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by an information disclosure
    vulnerability.");
     script_set_attribute(attribute:"description", value:
    "The remote host seems to be running Mac OS X or Mac OS X Server. 
    
    There is a flaw in the remote web server that allows an attacker to
    obtain the source code of any given file on the remote web server by
    reading it through its data fork directly.  An attacker may exploit
    this flaw to obtain the source code of remote scripts.");
     script_set_attribute(attribute:"solution", value:
    "Install the latest Apple Security Patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    	
     script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/09");
     script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/02");
    
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
    
     script_dependencie("http_version.nasl", "os_fingerprint.nasl");
     script_require_ports("Services/www", 80);
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    os = get_kb_item("Host/OS");
    if (os && "Mac OS X" >!< os) exit(0, "The remote host was not fingerprinted as Mac OS X.");
    
    
    port = get_http_port(default:80);
    if ( get_kb_item("www/no404/" + port  ) ) exit(0);
    
    function check(file, pattern)
    {
      local_var	r, u, rep;
      u = strcat(file, "/..namedfork/data");
      r = http_send_recv3(method: 'GET', port: port, item: u);
      if (isnull(r)) exit(1, "The web server on port "+port+" failed to respond.");
    
      if (r[0] =~ "^HTTP/[01]\.[01] +200 " && (pattern >< r[2] ))
      {
         # Avoid FP
         r = http_send_recv3(method: 'GET', port: port, item: strcat(file, "/..", rand()));
         if (isnull(r)) exit(1, "The web server on port "+port+" failed to respond.");
    
         if (r[0] =~ "^HTTP/[01]\.[01] +200 " && (pattern >< r[2])) return 0;
    
    	  rep = strcat('\nThe output from the following URLs should demonstrate the issue :\n\n - ', build_url(port:port, qs:file), '\n - ', build_url(port:port, qs:u), '\n');
    	security_warning (port:port, extra: rep );
    	return 1;
    	}
    
     return 0 ;
    }
    
    check(file:"/index.php", pattern:"<?");
    files = get_kb_list(string("www/", port, "/content/extensions/php"));
    if(!isnull(files))
    {
     files = make_list(files);
     check(file:files[0], pattern:"<?");
    }
    # all this does is check if requesting /index.html/..namedfork/data results in an HTTP 200
    # which seems very unreliable
    #r = http_send_recv3(method: 'GET', item:"/index.html", port:port);
    #if (isnull(r)) exit(0);
    #check(file:"/index.html", pattern: r[2]);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20041202.NASL
    descriptionThe remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id15898
    published2004-12-02
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15898
    titleMac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if (NASL_LEVEL < 3004) exit(0);    # a large number of xrefs.
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(15898);
     script_version ("1.24");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    
     script_cve_id("CVE-2004-1082", "CVE-2003-0020", "CVE-2003-0987", "CVE-2004-0174", "CVE-2004-0488", 
                   "CVE-2004-0492", "CVE-2004-0885", "CVE-2004-0940", "CVE-2004-1083", "CVE-2004-1084", 
                   "CVE-2004-0747", "CVE-2004-0786", "CVE-2004-0751", "CVE-2004-0748", "CVE-2004-1081", 
                   "CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-1089", "CVE-2004-1085", 
                   "CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0772", "CVE-2004-1088", 
                   "CVE-2004-1086", "CVE-2004-1123", "CVE-2004-1121", "CVE-2004-1122", "CVE-2004-1087");
     script_bugtraq_id(9921, 9930, 9571, 11471, 11360, 11469, 10508, 11802);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)");
     script_summary(english:"Check for Security Update 2004-12-02");
     
     script_set_attribute( attribute:"synopsis",  value:
    "The remote host is missing a Mac OS X update that fixes a security
    issue." );
     script_set_attribute( attribute:"description",   value:
    "The remote host is missing Security Update 2004-12-02. This security
    update contains a number of fixes for the following programs :
    
      - Apache
      - Apache2
      - AppKit
      - Cyrus IMAP
      - HIToolbox
      - Kerberos
      - Postfix
      - PSNormalizer
      - QuickTime Streaming Server
      - Safari
      - Terminal
    
    These programs contain multiple vulnerabilities that could allow a
    remote attacker to execute arbitrary code." );
     # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646?
     script_set_attribute(
       attribute:"see_also",
       value:"http://www.nessus.org/u?210abeb5"
     );
     script_set_attribute(
       attribute:"solution", 
       value:"Install Security Update 2004-12-02."
     );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(119);
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/02");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24");
     script_set_attribute(attribute:"patch_publication_date", value: "2004/12/02");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_family(english:"MacOS X Local Security Checks");
    
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
    
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # MacOS X 10.2.8, 10.3.6 only
    if ( egrep(pattern:"Darwin.* (6\.8\.|7\.6\.)", string:uname) )
    {
      if ( ! egrep(pattern:"^SecUpd(Srvr)?2004-12-02", string:packages) ) security_hole(0);
    	else non_vuln = 1;
    }
    else if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.([7-9]|[0-9][0-9]\.|[8-9]\.))", string:uname) ) non_vuln = 1;
    
    if ( non_vuln )
    {
       set_kb_item(name:"CVE-2004-1082", value:TRUE);
       set_kb_item(name:"CVE-2003-0020", value:TRUE);
       set_kb_item(name:"CVE-2003-0987", value:TRUE);
       set_kb_item(name:"CVE-2004-0174", value:TRUE);
       set_kb_item(name:"CVE-2004-0488", value:TRUE);
       set_kb_item(name:"CVE-2004-0492", value:TRUE);
       set_kb_item(name:"CVE-2004-0885", value:TRUE);
       set_kb_item(name:"CVE-2004-0940", value:TRUE);
       set_kb_item(name:"CVE-2004-1083", value:TRUE);
       set_kb_item(name:"CVE-2004-1084", value:TRUE);
       set_kb_item(name:"CVE-2004-0747", value:TRUE);
       set_kb_item(name:"CVE-2004-0786", value:TRUE);
       set_kb_item(name:"CVE-2004-0751", value:TRUE);
       set_kb_item(name:"CVE-2004-0748", value:TRUE);
       set_kb_item(name:"CVE-2004-1081", value:TRUE);
       set_kb_item(name:"CVE-2004-0803", value:TRUE);
       set_kb_item(name:"CVE-2004-0804", value:TRUE);
       set_kb_item(name:"CVE-2004-0886", value:TRUE);
       set_kb_item(name:"CVE-2004-1089", value:TRUE);
       set_kb_item(name:"CVE-2004-1085", value:TRUE);
       set_kb_item(name:"CVE-2004-0642", value:TRUE);
       set_kb_item(name:"CVE-2004-0643", value:TRUE);
       set_kb_item(name:"CVE-2004-0644", value:TRUE);
       set_kb_item(name:"CVE-2004-0772", value:TRUE);
       set_kb_item(name:"CVE-2004-1088", value:TRUE);
       set_kb_item(name:"CVE-2004-1086", value:TRUE);
       set_kb_item(name:"CVE-2004-1123", value:TRUE);
       set_kb_item(name:"CVE-2004-1121", value:TRUE);
       set_kb_item(name:"CVE-2004-1122", value:TRUE);
       set_kb_item(name:"CVE-2004-1087", value:TRUE);
    }