OSVDB ID: 16074

Title: Apple Mac OS X Bluetooth File and Object Exchange Directory Traversal

Dates

Disclosure: May 03, 2005
Discovery: Mar 20, 2005
Exploit: May 03, 2005
Solution: Unknown

Description

Mac OS X contains a flaw that allows a remote attacker to access files outside the directory path of the Bluetooth file and object exchange service. The issue is due to Bluetooth OBEX not properly sanitizing user input, specifically directory traversal sequences (../../).

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.

Mac OS X

10.3
10.3.1
10.3.2
10.3.4
10.3.3
10.3.5
10.3.6
10.3.7
10.3.8
10.3.9

References

Credit

  • Kevin Finisterre - kfdigitalmunition.com


Direct URL: http://osvdb.org/16074