Vulnerabilities > CVE-2004-1084 - Unspecified vulnerability in Apple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apple
nessus
Summary
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
Vulnerable Configurations
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-007.NASL description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib last seen 2020-06-01 modified 2020-06-02 plugin id 19463 published 2005-08-18 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19463 title Mac OS X Multiple Vulnerabilities (Security Update 2005-007) code # # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if(description) { script_id(19463); script_version ("1.15"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-1344", "CVE-2004-0942", "CVE-2004-0885", "CVE-2004-1083", "CVE-2004-1084", "CVE-2005-2501", "CVE-2005-2502", "CVE-2005-2503", "CVE-2005-2504", "CVE-2005-2505", "CVE-2005-2506", "CVE-2005-2525", "CVE-2005-2526", "CVE-2005-2507", "CVE-2005-2508", "CVE-2005-2519", "CVE-2005-2513", "CVE-2004-1189", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1689", "CVE-2005-2511", "CVE-2005-2509", "CVE-2005-2512", "CVE-2005-2745", "CVE-2005-0709", "CVE-2005-0710", "CVE-2005-0711", "CVE-2004-0079", "CVE-2004-0112", "CVE-2005-2514", "CVE-2005-2515", "CVE-2005-2516", "CVE-2005-2517", "CVE-2005-2524", "CVE-2005-2520", "CVE-2005-2518", "CVE-2005-2510", "CVE-2005-1769", "CVE-2005-2095", "CVE-2005-2521", "CVE-2005-2522", "CVE-2005-2523", "CVE-2005-0605", "CVE-2005-2096", "CVE-2005-1849"); script_bugtraq_id(14567, 14569); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-007)"); script_summary(english:"Check for Security Update 2005-007"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib" ); # http://web.archive.org/web/20060406190355/http://docs.info.apple.com/article.html?artnum=302163 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?74ffa359" ); script_set_attribute(attribute:"solution", value: "!Install Security Update 2005-007." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/18"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/12"); script_set_attribute(attribute:"patch_publication_date", value: "2005/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.4.2 if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.2\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?2005-007", string:packages)) security_hole(0); }NASL family Web Servers NASL id HFS_FORK_SOURCE.NASL description The remote host seems to be running Mac OS X or Mac OS X Server. There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the source code of remote scripts. last seen 2020-06-01 modified 2020-06-02 plugin id 15927 published 2004-12-09 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15927 title Apache on Mac OS X HFS+ Arbitrary File Source Disclosure code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(15927); script_version("1.27"); script_cvs_date("Date: 2018/07/12 19:01:16"); script_cve_id("CVE-2004-1083", "CVE-2004-1084"); script_bugtraq_id(11802); script_name(english:"Apache on Mac OS X HFS+ Arbitrary File Source Disclosure"); script_summary(english:"downloads the source of a remote script"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The remote host seems to be running Mac OS X or Mac OS X Server. There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the source code of remote scripts."); script_set_attribute(attribute:"solution", value: "Install the latest Apple Security Patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/09"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/02"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"Web Servers"); script_dependencie("http_version.nasl", "os_fingerprint.nasl"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); os = get_kb_item("Host/OS"); if (os && "Mac OS X" >!< os) exit(0, "The remote host was not fingerprinted as Mac OS X."); port = get_http_port(default:80); if ( get_kb_item("www/no404/" + port ) ) exit(0); function check(file, pattern) { local_var r, u, rep; u = strcat(file, "/..namedfork/data"); r = http_send_recv3(method: 'GET', port: port, item: u); if (isnull(r)) exit(1, "The web server on port "+port+" failed to respond."); if (r[0] =~ "^HTTP/[01]\.[01] +200 " && (pattern >< r[2] )) { # Avoid FP r = http_send_recv3(method: 'GET', port: port, item: strcat(file, "/..", rand())); if (isnull(r)) exit(1, "The web server on port "+port+" failed to respond."); if (r[0] =~ "^HTTP/[01]\.[01] +200 " && (pattern >< r[2])) return 0; rep = strcat('\nThe output from the following URLs should demonstrate the issue :\n\n - ', build_url(port:port, qs:file), '\n - ', build_url(port:port, qs:u), '\n'); security_warning (port:port, extra: rep ); return 1; } return 0 ; } check(file:"/index.php", pattern:"<?"); files = get_kb_list(string("www/", port, "/content/extensions/php")); if(!isnull(files)) { files = make_list(files); check(file:files[0], pattern:"<?"); } # all this does is check if requesting /index.html/..namedfork/data results in an HTTP 200 # which seems very unreliable #r = http_send_recv3(method: 'GET', item:"/index.html", port:port); #if (isnull(r)) exit(0); #check(file:"/index.html", pattern: r[2]);NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20041202.NASL description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 15898 published 2004-12-02 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15898 title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3004) exit(0); # a large number of xrefs. if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(15898); script_version ("1.24"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2004-1082", "CVE-2003-0020", "CVE-2003-0987", "CVE-2004-0174", "CVE-2004-0488", "CVE-2004-0492", "CVE-2004-0885", "CVE-2004-0940", "CVE-2004-1083", "CVE-2004-1084", "CVE-2004-0747", "CVE-2004-0786", "CVE-2004-0751", "CVE-2004-0748", "CVE-2004-1081", "CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-1089", "CVE-2004-1085", "CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0772", "CVE-2004-1088", "CVE-2004-1086", "CVE-2004-1123", "CVE-2004-1121", "CVE-2004-1122", "CVE-2004-1087"); script_bugtraq_id(9921, 9930, 9571, 11471, 11360, 11469, 10508, 11802); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)"); script_summary(english:"Check for Security Update 2004-12-02"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute( attribute:"description", value: "The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code." ); # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646? script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?210abeb5" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2004-12-02." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/02"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24"); script_set_attribute(attribute:"patch_publication_date", value: "2004/12/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.2.8, 10.3.6 only if ( egrep(pattern:"Darwin.* (6\.8\.|7\.6\.)", string:uname) ) { if ( ! egrep(pattern:"^SecUpd(Srvr)?2004-12-02", string:packages) ) security_hole(0); else non_vuln = 1; } else if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.([7-9]|[0-9][0-9]\.|[8-9]\.))", string:uname) ) non_vuln = 1; if ( non_vuln ) { set_kb_item(name:"CVE-2004-1082", value:TRUE); set_kb_item(name:"CVE-2003-0020", value:TRUE); set_kb_item(name:"CVE-2003-0987", value:TRUE); set_kb_item(name:"CVE-2004-0174", value:TRUE); set_kb_item(name:"CVE-2004-0488", value:TRUE); set_kb_item(name:"CVE-2004-0492", value:TRUE); set_kb_item(name:"CVE-2004-0885", value:TRUE); set_kb_item(name:"CVE-2004-0940", value:TRUE); set_kb_item(name:"CVE-2004-1083", value:TRUE); set_kb_item(name:"CVE-2004-1084", value:TRUE); set_kb_item(name:"CVE-2004-0747", value:TRUE); set_kb_item(name:"CVE-2004-0786", value:TRUE); set_kb_item(name:"CVE-2004-0751", value:TRUE); set_kb_item(name:"CVE-2004-0748", value:TRUE); set_kb_item(name:"CVE-2004-1081", value:TRUE); set_kb_item(name:"CVE-2004-0803", value:TRUE); set_kb_item(name:"CVE-2004-0804", value:TRUE); set_kb_item(name:"CVE-2004-0886", value:TRUE); set_kb_item(name:"CVE-2004-1089", value:TRUE); set_kb_item(name:"CVE-2004-1085", value:TRUE); set_kb_item(name:"CVE-2004-0642", value:TRUE); set_kb_item(name:"CVE-2004-0643", value:TRUE); set_kb_item(name:"CVE-2004-0644", value:TRUE); set_kb_item(name:"CVE-2004-0772", value:TRUE); set_kb_item(name:"CVE-2004-1088", value:TRUE); set_kb_item(name:"CVE-2004-1086", value:TRUE); set_kb_item(name:"CVE-2004-1123", value:TRUE); set_kb_item(name:"CVE-2004-1121", value:TRUE); set_kb_item(name:"CVE-2004-1122", value:TRUE); set_kb_item(name:"CVE-2004-1087", value:TRUE); }
References
- http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
- http://www.ciac.org/ciac/bulletins/p-049.shtml
- http://secunia.com/advisories/13362/
- http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
- http://www.securityfocus.com/bid/11802
- http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18349