Vulnerability Name: CVE-2005-0125 (CCN-18981)
Assigned: 2005-01-20
Published: 2005-01-20
Updated: 2018-08-13
Summary: The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE Type: CNA CVE-2005-0125
Source: APPLE Type: Patch, Vendor Advisory APPLE-SA-2005-01-25
Source: CCN Type: APPLE-SA-2005-01-25 Security Update 2005-001
Source: BUGTRAQ Type: UNKNOWN 20050127 DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'
Source: CCN Type: CIAC Information Bulletin P-116 Apple Security Update 2005-001 for Mac OS X
Source: MISC Type: Broken Link http://www.digitalmunition.com/DMA[2005-0127a].txt
Source: CCN Type: Immunity Inc. Security Advisory Various Kernel Level Vulnerabilities in Mac OS X 10.3.x
Source: CCN Type: US-CERT VU#678150 Apple Mac OS X at utilities fail to drop privileges properly
Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#678150
Source: CCN Type: OSVDB ID: 13180 Apple Mac OS X at Package batch Command Privilege Escalation
Source: CCN Type: OSVDB ID: 14932 Apple Mac OS X at Package atrm Command Privilege Escalation
Source: CCN Type: BID-12297 Apple Mac OS X At Utility Family Multiple Local Privilege Escalation Vulnerabilities
Source: XF Type: UNKNOWN macos-at-gain-privileges(18981)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: