Vulnerability Name:

CVE-2001-1447 (CCN-7303)

Assigned:2001-10-17
Published:2001-10-17
Updated:2017-07-11
Summary:NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: BUGTRAQ
Type: Exploit
20011017 Mac OS X setuid root security hole

Source: CCN
Type: BugTraq Mailing List, Wed Oct 17 2001 - 11:53:13 CDT
Mac OS X setuid root security hole

Source: CCN
Type: BugTraq Mailing List, Wed Oct 17 2001 - 13:50:29 CDT
Re: Mac OS X setuid root security hole

Source: CCN
Type: BugTraq Mailing List, Wed Oct 17 2001 - 16:00:33 CDT
Re: Mac OS X setuid root security hole

Source: CCN
Type: BugTraq Mailing List, Wed Oct 17 2001 - 15:16:50 CDT
Re: Mac OS X setuid root security hole

Source: BUGTRAQ
Type: Vendor Advisory
20011017 Re: Mac OS X setuid root security hole

Source: CCN
Type: BugTraq Mailing List, Wed Oct 17 2001 - 14:51:45 CDT
Re: Mac OS X setuid root security hole

Source: MITRE
Type: CNA
CVE-2001-1447

Source: CCN
Type: Apple Computer, Inc. Web site
Security Updates

Source: CCN
Type: CIAC Information Bulletin M-007
Macintosh OS-X Application Manager Vulnerability

Source: CIAC
Type: Exploit
M-007

Source: CCN
Type: US-CERT VU#945747
Mac OS X executes `recent items` with privileges of foreground application

Source: CERT-VN
Type: Exploit, Patch, US Government Resource
VU#945747

Source: CCN
Type: OSVDB ID: 16724
Apple Mac OS X NetInfo Manager Local Privilege Escalation

Source: BID
Type: Exploit
3439

Source: CCN
Type: BID-3439
MacOS X NetInfo Manager Privilege Escalation Vulnerability

Source: CCN
Type: Stepwise.com Web site
Mac OS X 10.1 Local Security Exploit

Source: XF
Type: UNKNOWN
macos-netinfo-root-privileges(7303)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    apple mac os x 10.0
    apple mac os x 10.0.1
    apple mac os x 10.0.2
    apple mac os x 10.0.3
    apple mac os x 10.0.4
    apple mac os x 10.1