Apple Mac OS X BlueTooth Arbitrary File Access Vulnerability
BID:13494
Info
Apple Mac OS X BlueTooth Arbitrary File Access Vulnerability
| Bugtraq ID: | 13494 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-1332 |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Kevin Finisterre is credited with the discovery of this vulnerability. |
| Vulnerable: |
Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X BlueTooth Arbitrary File Access Vulnerability
Apple Mac OS X is prone to an arbitrary file access vulnerability.
The Bluetooth file exchange service may allow existing files to be disclosed or new files to be uploaded. The service saves files in a shared folder by default that may be accessed by other applications and users.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
Apple Mac OS X is prone to an arbitrary file access vulnerability.
The Bluetooth file exchange service may allow existing files to be disclosed or new files to be uploaded. The service saves files in a shared folder by default that may be accessed by other applications and users.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
Exploit / POC
Apple Mac OS X BlueTooth Arbitrary File Access Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Apple Mac OS X BlueTooth Arbitrary File Access Vulnerability
Solution:
Apple has released advisory (APPLE-SA-2005-05-03) to address this and
other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
Apple Mac OS X Server 10.3.9
Solution:
Apple has released advisory (APPLE-SA-2005-05-03) to address this and
other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
-
Apple SecUpd2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005client.htm l
Apple Mac OS X Server 10.3.9
-
Apple SecUpdSrvr2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005server.htm l
References
Apple Mac OS X BlueTooth Arbitrary File Access Vulnerability
References:
References:
- DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities' (Kevin Finisterre)