Vulnerabilities > CVE-2005-0193 - Local Command Line Argument Buffer Overflow vulnerability in Isync Mrouter 1.5
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Mac OS X <= 10.3.7 mRouter Local Privilege Escalation Exploit. CVE-2005-0193. Local exploit for osx platform |
id | EDB-ID:766 |
last seen | 2016-01-31 |
modified | 2005-01-22 |
published | 2005-01-22 |
reporter | nemo |
source | https://www.exploit-db.com/download/766/ |
title | Mac OS X <= 10.3.7 - mRouter Local Privilege Escalation Exploit |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-004.NASL description The remote host is missing Security Update 2005-004. This security update contains security fixes for the following application : - iSync (local privilege escalation) last seen 2019-10-28 modified 2005-04-20 plugin id 18099 published 2005-04-20 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18099 title Mac OS X Security Update 2005-004 code #TRUSTED aba4130937b22e6a492cb88ae1412f0f1745d2b367168e1e93348b9e9b0124775d9c32f918727a2419b6a7e0909f39ce3cb282a75bf8ab5393bd4e9821e9e01838b9e03368b591f2ee2f3a24ae047014e8b06ccf92400f9f650bd9387d1a111097e9cc78b06a4ce7343c3a51118c0787e75e95bafd95919523ee329186b5d221257557ccbc03951003d3fd8436c0ef6fa2f7a9e582120438b762aacd370215fd4d70c22f79bcbacadea58d0369735d06f5e86472c3b66e36105a6b201139b0dd506d615591ce6b58c8b00598a91fe46e3410b4cb90e7a3e124090ef73840719db2ee70fb1045c7b8eceb2b50d6354422faf70e60df2c1cef74d22eb81d81b5beb02002d05babdcc2d472dafb7c5160a4164773e232c595d23a36785a40e73037431620bb1b5745e1a0ba3dd7465dfcc02ec84d28b1d38e596f784149694ac3f63abc5fda3a36cf32c21878dc26cb7a44ce803b03bc90dab40f2d60d3c894e002a1a1c12b202708470af24f9f0aded2b08d1c95cc85dc293b91118563977e398c50aa320da4bf7b4e154767ae748eab3dc7223b42a3056cf3392aea6bbf428c4494039a21cdfd53179caf27cd000248907fdc18f760d21c2788f33a84f0fc4e25d06aeddf02bb2a23b3e50ce618356192344fba37c753633680155b7c55bfd8cb38ff7cefba8c561d9d55f558c6e75161ee72b588476c67cbb5dbaead773efafd # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18099); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value: "2018/07/14"); script_cve_id("CVE-2005-0193"); script_bugtraq_id(12334); script_name(english:"Mac OS X Security Update 2005-004"); script_summary(english:"Check for Security Update 2005-004"); script_set_attribute(attribute:"synopsis", value: "The remote operating system is missing a security update."); script_set_attribute(attribute:"description", value: "The remote host is missing Security Update 2005-004. This security update contains security fixes for the following application : - iSync (local privilege escalation)"); script_set_attribute(attribute:"solution", value:"http://docs.info.apple.com/article.html?artnum=301326"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/22"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("macosx_func.inc"); if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS) enable_ssh_wrappers(); else disable_ssh_wrappers(); function exec(cmd) { local_var buf, ret, soc; if ( islocalhost() ) buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd)); else { ret = ssh_open_connection(); if ( ! ret ) exit(0); buf = ssh_cmd(cmd:cmd); ssh_close_connection(); } if ( buf !~ "^[0-9]" ) exit(0); buf = chomp(buf); return buf; } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.2.8, 10.3.9 only if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[789]\.)", string:uname) ) { cmd = _GetBundleVersionCmd(file:"SymbianConduit.bundle", path:"/System/Library/SyncServices", label:"SourceVersion"); buf = exec(cmd:cmd); if ( int(buf) > 0 && int(buf) < 840200 ) security_hole(0); }
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-005.NASL description The remote host is missing Security Update 2005-005. This security update contains fixes for the following applications : - Apache - AppKit - AppleScript - Bluetooth - Directory Services - Finder - Foundation - HelpViewer - LDAP - libXpm - lukemftpd - NetInfo - ServerAdmin - sudo - Terminal - VPN These programs have multiple vulnerabilities that could allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 18189 published 2005-05-03 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18189 title Mac OS X Multiple Vulnerabilities (Security Update 2005-005)