Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0489

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2004-0489
Last Modified 10 Sep 2008 03:26:38
Published 07 Jul 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-0489

Summary

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.3.3


References

XF - macos-ssh-code-execution(16242)

MISC - http://www.insecure.ws/article.php?story=200405222251133

FULLDISC - 20040524 SSH URI handler remote arbitrary code execution


Last Updated: 27 May 2016 10:38:37