Vulnerability Name:

CVE-2005-0125 (CCN-18981)

Assigned:2005-01-20
Published:2005-01-20
Updated:2018-08-13
Summary:The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2005-0125

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2005-01-25

Source: CCN
Type: APPLE-SA-2005-01-25
Security Update 2005-001

Source: BUGTRAQ
Type: UNKNOWN
20050127 DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'

Source: CCN
Type: CIAC Information Bulletin P-116
Apple Security Update 2005-001 for Mac OS X

Source: MISC
Type: Broken Link
http://www.digitalmunition.com/DMA[2005-0127a].txt

Source: CCN
Type: Immunity Inc. Security Advisory
Various Kernel Level Vulnerabilities in Mac OS X 10.3.x

Source: CCN
Type: US-CERT VU#678150
Apple Mac OS X at utilities fail to drop privileges properly

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#678150

Source: CCN
Type: OSVDB ID: 13180
Apple Mac OS X at Package batch Command Privilege Escalation

Source: CCN
Type: OSVDB ID: 14932
Apple Mac OS X at Package atrm Command Privilege Escalation

Source: CCN
Type: BID-12297
Apple Mac OS X At Utility Family Multiple Local Privilege Escalation Vulnerabilities

Source: XF
Type: UNKNOWN
macos-at-gain-privileges(18981)

Source: XF
Type: UNKNOWN
macos-at-gain-privileges(18981)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    apple mac os x 10.3.4
    apple mac os x 10.3.7
    apple mac os x server 10.3.7
    apple mac os x 10.3.7
    apple mac os x server 10.3.7
    apple mac os x 10.3.4