Apple Mac OS X BlueTooth Directory Traversal Vulnerability
BID:13491
Info
Apple Mac OS X BlueTooth Directory Traversal Vulnerability
| Bugtraq ID: | 13491 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1333 |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2005 12:00AM |
| Updated: | Nov 06 2006 08:37PM |
| Credit: | Kevin Finisterre is credited with the discovery of this vulnerability. |
| Vulnerable: |
Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 |
| Not Vulnerable: |
Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.4.1 Apple Mac OS X 10.3.9 |
Discussion
Apple Mac OS X BlueTooth Directory Traversal Vulnerability
Apple Mac OS X is prone to a directory-traversal vulnerability. Since the software fails to sufficiently sanitize input, a remote attacker could use the Bluetooth file- and object-exchange services to access files outside the default file-exchange directory.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
Apple Mac OS X is prone to a directory-traversal vulnerability. Since the software fails to sufficiently sanitize input, a remote attacker could use the Bluetooth file- and object-exchange services to access files outside the default file-exchange directory.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
Exploit / POC
Apple Mac OS X BlueTooth Directory Traversal Vulnerability
The following proofs of concept are available:
The following proofs of concept are available:
Solution / Fix
Apple Mac OS X BlueTooth Directory Traversal Vulnerability
Solution:
Apple has released security advisories along with fixes dealing with this issue:
- For Mac OS X 10.3.8: APPLE-SA-2005-04-15
- For Mac OS X 10.4: APPLE-SA-2005-05-19
- For Mac OS X 10.4.1 and Mac OS X 10.3.9: APPLE-SA-2005-06-08
Note that a previous advisory (APPLE-SA-2005-05-19) indicated that this issue does not affect Mac OS X 10.4.1; however, Apple advisory APPLE-SA-2005-06-08 contains fixes for Mac OS X 10.4.1. The older fixes are being replaced with the new updates contained in APPLE-SA-2005-06-08. Currently we are not aware of new updates for Mac OS X 10.4.
Apple Mac OS X 10.3.9
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4
Apple Mac OS X Server 10.4.1
Apple Mac OS X 10.4.1
Solution:
Apple has released security advisories along with fixes dealing with this issue:
- For Mac OS X 10.3.8: APPLE-SA-2005-04-15
- For Mac OS X 10.4: APPLE-SA-2005-05-19
- For Mac OS X 10.4.1 and Mac OS X 10.3.9: APPLE-SA-2005-06-08
Note that a previous advisory (APPLE-SA-2005-05-19) indicated that this issue does not affect Mac OS X 10.4.1; however, Apple advisory APPLE-SA-2005-06-08 contains fixes for Mac OS X 10.4.1. The older fixes are being replaced with the new updates contained in APPLE-SA-2005-06-08. Currently we are not aware of new updates for Mac OS X 10.4.
Apple Mac OS X 10.3.9
-
Apple SecUpd2005-006Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06439&plat form=osx&method=sa/SecUpd2005-006Pan.dmg -
Apple SecUpd2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005client.htm l
Apple Mac OS X Server 10.3.9
-
Apple SecUpd2005-006Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06439&plat form=osx&method=sa/SecUpd2005-006Pan.dmg -
Apple SecUpdSrvr2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005server.htm l
Apple Mac OS X Server 10.4
-
Apple MacOSXSvrUpdate10.4.1.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06210&plat form=osx&method=sa/MacOSXSvrUpdate10.4.1.dmg
Apple Mac OS X 10.4
-
Apple MacOSXUpdate10.4.1.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06142&plat form=osx&method=sa/MacOSXUpdate10.4.1.dmg
Apple Mac OS X Server 10.4.1
-
Apple SecUpd2005-006Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=06440&plat form=osx&method=sa/SecUpd2005-006Ti.dmg
Apple Mac OS X 10.4.1
References
Apple Mac OS X BlueTooth Directory Traversal Vulnerability
References:
References:
- DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities' (Kevin Finisterre)
- Vendor Home Page (Apple)
- Bluetooth dot dot attacks (update) ("KF (lists)"
) - hack.lu Bluetooth demo ("K F (lists)"
) - Re: hack.lu Bluetooth demo (Thierry Zoller
)