CVE-2005-4217 - OpenCVE

Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Server

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=303382
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
http://secunia.com/advisories/17922	Vendor Advisory
http://secunia.com/advisories/19064	Vendor Advisory
http://www.osvdb.org/21800
http://www.securityfocus.com/bid/15833
http://www.securityfocus.com/bid/16907
http://www.us-cert.gov/cas/techalerts/TA06-062A.html	US Government Resource
http://www.vupen.com/english/advisories/2005/2869	Vendor Advisory
http://www.vupen.com/english/advisories/2006/0791	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23561

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-14T11:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2005-12-14T00:00:00

Link: CVE-2005-4217

JSON object: View

NVD Information

Status : Modified

Published: 2005-12-14T11:03:00.000

Modified: 2017-07-20T01:29:12.267

Link: CVE-2005-4217

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "macos-perl-bypass-security(23561)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}, {"name": "ADV-2005-2869", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"name": "21800", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21800"}, {"name": "19064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19064"}, {"name": "16907", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16907"}, {"name": "ADV-2006-0791", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"name": "APPLE-SA-2006-03-01", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"name": "TA06-062A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"name": "15833", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15833"}, {"name": "17922", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17922"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=303382"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "macos-perl-bypass-security(23561)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}, {"name": "ADV-2005-2869", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"name": "21800", "refsource": "OSVDB", "url": "http://www.osvdb.org/21800"}, {"name": "19064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19064"}, {"name": "16907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16907"}, {"name": "ADV-2006-0791", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"name": "APPLE-SA-2006-03-01", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"name": "TA06-062A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"name": "15833", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15833"}, {"name": "17922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17922"}, {"name": "http://docs.info.apple.com/article.html?artnum=303382", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=303382"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4217", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-12-14T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges."}, {"lang": "es", "value": "Perl en Apple Mac OS X Server 10.3.9 no se quita apropiadamente privilegios cuando se usa la variable \"$<\" para establecer uid, lo que permite a atacantes ganar privilegios."}], "id": "CVE-2005-4217", "lastModified": "2017-07-20T01:29:12.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-14T11:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=303382"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17922"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19064"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21800"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15833"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16907"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}