CVE-2005-0971
CVSS 4.6
Published: 2005-05-12 00:00:00
Last revised: 2008-09-05 16:47:50

[Original] Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.


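[CNNVD] Apple Mac OS X Kernel Semop Local Stack-Based Buffer Overflow Vulnerability (CNNVD-200505-1001)

        A stack-based buffer overflow exists in the semop system call in Mac OS X 10.3.9 and earlier; local users can gain privileges via crafted arguments.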

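- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]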

- CPE (Affected Platforms and Products)

cpe:/o:apple:mac_os_x:10.1.5  Apple Mac OS X 10.1.5
cpe:/o:apple:mac_os_x:10.3.9  Apple Mac OS X 10.3.9
cpe:/o:apple:mac_os_x:10.3.1  Apple Mac OS X 10.3.1
cpe:/o:apple:mac_os_x:10.2  Apple Mac OS X 10.2
cpe:/o:apple:mac_os_x:10.2.7  Apple Mac OS X 10.2.7
cpe:/o:apple:mac_os_x:10.1.4  Apple Mac OS X 10.1.4
cpe:/o:apple:mac_os_x:10.1  Apple Mac OS X 10.1
cpe:/o:apple:mac_os_x:10.2.5  Apple Mac OS X 10.2.5
cpe:/o:apple:mac_os_x:10.0.1  Apple Mac OS X 10.0.1
cpe:/o:apple:mac_os_x:10.0.4  Apple Mac OS X 10.0.4
cpe:/o:apple:mac_os_x:10.2.2  Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x:10.3.3  Apple Mac OS X 10.3.3
cpe:/o:apple:mac_os_x:10.0  Apple Mac OS X 10.0
cpe:/o:apple:mac_os_x:10.2.4  Apple Mac OS X 10.2.4
cpe:/o:apple:mac_os_x:10.0.3  Apple Mac OS X 10.0.3
cpe:/o:apple:mac_os_x:10.2.3  Apple Mac OS X 10.2.3
cpe:/o:apple:mac_os_x:10.1.3  Apple Mac OS X 10.1.3
cpe:/o:apple:mac_os_x:10.3.6  Apple Mac OS X 10.3.6
cpe:/o:apple:mac_os_x:10.3.2  Apple Mac OS X 10.3.2
cpe:/o:apple:mac_os_x:10.2.8  Apple Mac OS X 10.2.8
cpe:/o:apple:mac_os_x:10.2.1  Apple Mac OS X 10.2.1
cpe:/o:apple:mac_os_x:10.1.1  Apple Mac OS X 10.1.1
cpe:/o:apple:mac_os_x:10.3.8  Apple Mac OS X 10.3.8
cpe:/o:apple:mac_os_x:10.2.6  Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x:10.3.4  Apple Mac OS X 10.3.4
cpe:/o:apple:mac_os_x:10.0.2  Apple Mac OS X 10.0.2
cpe:/o:apple:mac_os_x:10.3.7  Apple Mac OS X 10.3.7
cpe:/o:apple:mac_os_x:10.3.5  Apple Mac OS X 10.3.5
cpe:/o:apple:mac_os_x:10.3  Apple Mac OS X 10.3
cpe:/o:apple:mac_os_x:10.1.2  Apple Mac OS X 10.1.2

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0971
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0971
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1001
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/212190
(UNKNOWN)  CERT-VN  VU#212190
http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html
(VENDOR_ADVISORY)  APPLE  APPLE-SA-2005-04-15

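- Vulnerability Information

Apple Mac OS X Kernel Semop Local Stack-Based Buffer Overflow Vulnerability
Medium risk  Buffer overflow
2005-05-12 00:00:00 2005-10-20 00:00:00
Local
        A stack-based buffer overflow exists in the semop system call in Mac OS X 10.3.9 and earlier; local users can gain privileges via crafted arguments.

- Advisories and Patches

        No data available

- Vulnerability Information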

13103
Apple Mac OS X semop() System Call Kernel Overflow
Local Access Required Input Manipulation
Loss of Integrity

- Vulnerability Description

A local overflow exists in Mac OS X. The semop() system call fails to validate a user-supplied nsops integer variable resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-01-18 2004-06-21
Unknown Unknown

- Solution

Upgrade to version 10.3.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Apple Mac OS X Kernel Semop Local Stack-Based Buffer Overflow Vulnerability
Boundary Condition Error 13225
No Yes
2005-04-15 12:00:00 2009-07-12 02:06:00
This issue was announced by the vendor.

- Affected Program Versions

Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.3.9

- Unaffected Program Versions

Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.3.9

- Vulnerability Discussion

A kernel stack overflow that presents itself in the 'semop()' system call exists in the Apple Mac OS X kernel. This is due to a failure of the affected function to properly handle certain user-supplied arguments.

Exploitation of this issue will facilitate code execution with kernel level (ring 0) privileges.

It should be noted that this issue was previously reported in BID 13203 (Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service Vulnerabilities); it has been assigned its own BID.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Apple has released security advisory APPLE-SA-2005-04-15 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.


Apple Mac OS X Server 10.3

Apple Mac OS X 10.3

Apple Mac OS X Server 10.3.1

Apple Mac OS X 10.3.1

Apple Mac OS X 10.3.2

Apple Mac OS X Server 10.3.2

Apple Mac OS X 10.3.3

Apple Mac OS X Server 10.3.3

Apple Mac OS X 10.3.4

Apple Mac OS X Server 10.3.4

Apple Mac OS X Server 10.3.5

Apple Mac OS X 10.3.5

Apple Mac OS X Server 10.3.6

Apple Mac OS X 10.3.6

Apple Mac OS X Server 10.3.7

Apple Mac OS X 10.3.7

Apple Mac OS X 10.3.8

Apple Mac OS X Server 10.3.8

- Related References
