Vulnerability Name: | CVE-2005-1307 (CCN-18445) | ||||||||
Assigned: | 2004-12-07 | ||||||||
Published: | 2004-12-07 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: BUGTRAQ Type: UNKNOWN 20041206 Local root exploit on Mac OS X with Adobe Version Cue Source: CCN Type: BugTraq Mailing List, Mon Dec 06 2004 - 20:15:32 CST Local root exploit on Mac OS X with Adobe Version Cue Source: MITRE Type: CNA CVE-2005-1307 Source: BUGTRAQ Type: UNKNOWN 20050516 Mac OS X - Adobe Version Cue local root exploit [c version exploit] Source: CCN Type: The Aims Group Mac OS X - Adobe Version Cue local root exploit [c version exploit] 2005-05-16 Source: CCN Type: SA13399 Adobe Version Cue Privilege Escalation Vulnerability Source: SECUNIA Type: UNKNOWN 13399 Source: CCN Type: SECTRACK ID: 1012446 Adobe Version Cue Start/Stop Scripts Let Local Users Execute Arbitrary Code With Root Privileges Source: SECTRACK Type: UNKNOWN 1012446 Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/techdocs/331621.html Source: CCN Type: CIAC INFORMATION BULLETIN P-200 Apple Security Update 2005-005 Source: OSVDB Type: UNKNOWN 12297 Source: OSVDB Type: UNKNOWN 12298 Source: CCN Type: OSVDB ID: 12297 Adobe Version Cue stopserver.sh PATH Subversion Local Privilege Escalation Source: CCN Type: OSVDB ID: 12298 Adobe Version Cue startserver.sh PATH Subversion Local Privilege Escalation Source: CCN Type: SecuriTeam.com Mac OS X / Adobe Version Cue Local Root (Exploit) 17 May 2005 Source: MISC Type: Exploit http://www.securiteam.com/exploits/5EP0D20FQC.html Source: BID Type: UNKNOWN 11833 Source: CCN Type: BID-11833 Adobe Version Cue Local Privilege Escalation Vulnerability Source: XF Type: UNKNOWN version-cue-gain-privileges(18445) Source: XF Type: UNKNOWN version-cue-gain-privileges(18445) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |