VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-1832

Description

A buffer overflow in Mac OS X Server 10.3 GUI admin service allows remote unauthenticated attackers to cause a denial of service via a large payload to TCP port 660.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The GUI admin service in Mac OS X Server 10.3 contains a buffer overflow triggered by sending more than 2056 bytes to TCP port 660. The vulnerable service is the "osx-admin" service identified by nmap. The overflow occurs because the service lacks proper bounds checking when handling input, with a buffer set at 2056 characters. This affects Mac OS X Server version 10.3 only (not the client edition) [1][2].

Exploitation

An unauthenticated remote attacker on the network can exploit this by connecting to TCP port 660 and sending a payload of at least 2057 characters. No authentication or special privileges are required. The attack was demonstrated using netcat or telnet to send 2057 'A' characters, which reliably crashes the service [1]. The sequence is: establish a TCP connection to port 660 and send a payload larger than 2056 bytes, after which the service immediately crashes and restarts.

Impact

Successful exploitation results in a denial of service (DoS) where the admin service crashes and restarts. This disrupts administrative access to the server. The attacker does not gain code execution or elevated privileges; the impact is limited to availability [1]. The crash may cause temporary service interruption for GUI admin functions.

Mitigation

Apple was notified approximately four weeks before public disclosure but did not respond, and no patch was released at the time of disclosure (March 18, 2004) [1]. The vendor's status is unknown as Mac OS X Server 10.3 is long past end-of-life. There is no official fix or workaround documented in the references. The CVE is very old and not listed on CISA KEV [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
  • (no CPE), range: =10.3

Patches

0

No patches discovered yet.

References

4
