CVE-2005-4217 - OpenCVE

Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Server

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=303382
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
http://secunia.com/advisories/17922
http://secunia.com/advisories/19064
http://www.osvdb.org/21800
http://www.securityfocus.com/bid/15833
http://www.securityfocus.com/bid/16907
http://www.us-cert.gov/cas/techalerts/TA06-062A.html
http://www.vupen.com/english/advisories/2005/2869
http://www.vupen.com/english/advisories/2006/0791
https://exchange.xforce.ibmcloud.com/vulnerabilities/23561

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-14T11:00:00

Updated: 2024-08-07T23:38:51.404Z

Reserved: 2005-12-14T00:00:00

Link: CVE-2005-4217

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-14T11:03:00.000

Modified: 2017-07-20T01:29:12.267

Link: CVE-2005-4217

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "macos-perl-bypass-security(23561)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}, {"name": "ADV-2005-2869", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"name": "21800", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21800"}, {"name": "19064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19064"}, {"name": "16907", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16907"}, {"name": "ADV-2006-0791", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"name": "APPLE-SA-2006-03-01", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"name": "TA06-062A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"name": "15833", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15833"}, {"name": "17922", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17922"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=303382"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "macos-perl-bypass-security(23561)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}, {"name": "ADV-2005-2869", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"name": "21800", "refsource": "OSVDB", "url": "http://www.osvdb.org/21800"}, {"name": "19064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19064"}, {"name": "16907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16907"}, {"name": "ADV-2006-0791", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"name": "APPLE-SA-2006-03-01", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"name": "TA06-062A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"name": "15833", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15833"}, {"name": "17922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17922"}, {"name": "http://docs.info.apple.com/article.html?artnum=303382", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=303382"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:38:51.404Z"}, "title": "CVE Program Container", "references": [{"name": "macos-perl-bypass-security(23561)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}, {"name": "ADV-2005-2869", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"name": "21800", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21800"}, {"name": "19064", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19064"}, {"name": "16907", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16907"}, {"name": "ADV-2006-0791", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"name": "APPLE-SA-2006-03-01", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"name": "TA06-062A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"name": "15833", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15833"}, {"name": "17922", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17922"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=303382"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4217", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-12-14T00:00:00", "dateUpdated": "2024-08-07T23:38:51.404Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the \"$<\" variable to set uid, which allows attackers to gain privileges."}, {"lang": "es", "value": "Perl en Apple Mac OS X Server 10.3.9 no se quita apropiadamente privilegios cuando se usa la variable \"$<\" para establecer uid, lo que permite a atacantes ganar privilegios."}], "id": "CVE-2005-4217", "lastModified": "2017-07-20T01:29:12.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-14T11:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=303382"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17922"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19064"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21800"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15833"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16907"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2869"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0791"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23561"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}