CVE-2004-1398

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/11926
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html
http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt
http://www.securityfocus.com/bid/20031
http://marc.info/?l=bugtraq&m=110305083706943&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18472

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:roxio:toast:*:*:*:*:*:*:*:*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1398

Mitre link : CVE-2004-1398

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

roxio

toast

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11926", "name": "11926", "tags": [], "refsource": "BID"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html", "name": "20060913 [NETRAGARD-20060822 SECURITY ADVISORY] [ APPLE COMPUTER CORPORATION KEXTLOAD VULNERABILITY + ROXIO TOAST TITANUM 7 HELPER APP - LOCAL ROOT COMROMISE]", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt", "name": "http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/20031", "name": "20031", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=110305083706943&w=2", "name": "20041214 Possible local root vulnerability in Roxio Toast on Mac OS X", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18472", "name": "roxio-toast-tdixsupport-format-string(18472)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1398", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:roxio:toast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}