Vulnerabilities > CVE-2005-1725 - Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
nessus
exploit available
NVD
Published: 2005-06-08
Updated: 2016-10-18

Summary

launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.

Vulnerable Configurations

Part Description Count
OS
Apple
2

Exploit-Db

descriptionMac OS X 10.4 launchd Race Condition Exploit. CVE-2005-1725. Local exploit for osx platform
idEDB-ID:1043
last seen2016-01-31
modified2005-06-14
published2005-06-14
reporterintropy
sourcehttps://www.exploit-db.com/download/1043/
titleMac OS X 10.4 launchd Race Condition Exploit

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2005-006.NASL
descriptionThe remote host is missing Security Update 2005-006. This security update contains security fixes for the following application : - AFP Server - Bluetooth - CoreGraphics - Folder Permissions - launchd - LaunchServices - NFS - PHP - VPN These programs have multiple vulnerabilities, some of which may lead to arbitrary code execution.
last seen2020-06-01
modified2020-06-02
plugin id18437
published2005-06-08
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18437
titleMac OS X Multiple Vulnerabilities (Security Update 2005-006)
code
#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(18437);
 script_version ("1.16");
 script_cvs_date("Date: 2018/07/14  1:59:35");

 if (NASL_LEVEL >= 3000)
 {
   script_cve_id("CVE-2005-0524", "CVE-2005-0525", "CVE-2005-1042", "CVE-2005-1043", "CVE-2005-1333",
                "CVE-2005-1343", "CVE-2005-1720", "CVE-2005-1721", "CVE-2005-1722", "CVE-2005-1723",
                "CVE-2005-1724", "CVE-2005-1725", "CVE-2005-1726", "CVE-2005-1727", "CVE-2005-1728");
 }
 script_bugtraq_id(13491, 13899);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-006)");
 script_summary(english:"Check for Security Update 2005-006");

 script_set_attribute( attribute:"synopsis",  value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",   value:
"The remote host is missing Security Update 2005-006. This security
update contains security fixes for the following application :

- AFP Server
- Bluetooth
- CoreGraphics
- Folder Permissions
- launchd
- LaunchServices
- NFS
- PHP
- VPN

These programs have multiple vulnerabilities, some of which may lead
to arbitrary code execution." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/TA23304"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2005-006."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/03");
 script_set_attribute(attribute:"patch_publication_date", value: "2005/06/09");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

#

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);


uname = get_kb_item("Host/uname");
# MacOS X 10.4.1
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[01]\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?2005-006", string:packages)) security_hole(0);
}

References