Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3704

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3704
Last Modified 08 Sep 2013 12:42:54
Published 30 Nov 2005 09:07:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3704

Summary

System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4

  • Apple Mac Os X 10.4.1

  • Apple Mac Os X 10.4.2

  • Apple Mac Os X 10.4.3

  • Apple Mac Os X Server 10.4

  • Apple Mac Os X Server 10.4.1

  • Apple Mac Os X Server 10.4.2

  • Apple Mac Os X Server 10.4.3


References

BID - 15647

SECUNIA - 17813

VUPEN - ADV-2005-2659

APPLE - APPLE-SA-2005-11-29

XF - macos-syslog-forgery(23344)

OSVDB - 21277

SECTRACK - 1015293

Related Patches

Apple 2005-11-29 Security Update 2005-009 v 1.0 (Mac OS X 10.4.3 Server)

Apple 2006-03-01 Security Update 2006-001 Mac OS X 10.4.5 (PPC)


Last Updated: 27 May 2016 10:41:00