Vulnerability CVE-2005-0340


Published: 2005-05-02   Modified: 2008-09-05

Description:
Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.

Vendor: Apple
Product: Afp server 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
http://xforce.iss.net/xforce/xfdb/19263
http://marc.theaimsgroup.com/?l=bugtraq&m=110791369419784&w=2
http://www.securityfocus.com/bid/12478

Related CVE
CVE-2017-7149
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "StorageKit" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, ...
CVE-2017-7150
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a sy...
CVE-2017-7145
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
CVE-2017-7148
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.
CVE-2017-7146
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
CVE-2017-7147
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in ...
CVE-2017-7142
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive info...
CVE-2017-7144
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.

Copyright 2017, cxsecurity.com

 

Back to Top