VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-0545
mac_os_x, mac_os_x_server: The Finder in DesktopServices in Apple Mac OS X 10....
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0545

Original

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-17
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-17




Affected Product Tags
cpe:/o:apple:mac_os_x:10.5.8
cpe:/o:apple:mac_os_x:10.6.0
cpe:/o:apple:mac_os_x:10.6.1
cpe:/o:apple:mac_os_x:10.6.2
cpe:/o:apple:mac_os_x:10.6.3
cpe:/o:apple:mac_os_x_server:10.5.8
cpe:/o:apple:mac_os_x_server:10.6.0
cpe:/o:apple:mac_os_x_server:10.6.1
cpe:/o:apple:mac_os_x_server:10.6.2
cpe:/o:apple:mac_os_x_server:10.6.3
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
APPLE APPLE-SA-2010-06-15-1




BID 40871




CONFIRM http://support.apple.com/kb/HT4188




SECTRACK 1024103




SECUNIA 40220




VUPEN ADV-2010-1481




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.