Vulnerability Name: CVE-2002-0676 (CCN-9502)
Assigned: 2002-07-07
Published: 2002-07-07
Updated: 2008-09-05
Summary: SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
- Source: CCN; Type: BugTraq Mailing List, Sat Jul 06 2002 - 23:21:24 CDT; MacOS X SoftwareUpdate Vulnerability
- Source: CCN; Type: BugTraq Mailing List, Mon Jul 15 2002 - 10:42:52 CDT; RE: MacOS X SoftwareUpdate Vulnerability
- Source: MITRE; Type: CNA; CVE-2002-0676
- Source: MISC; Type: Vendor Advisory; http://www.cunap.com/~hardingr/projects/osx/exploit.html
- Source: XF; Type: UNKNOWN; macos-softwareupdate-no-auth(9502)
- Source: OSVDB; Type: UNKNOWN; 5137
- Source: CCN; Type: OSVDB ID: 5137; Mac OS SoftwareUpdate Execute Arbitrary Program
- Source: BID; Type: UNKNOWN; 5176
- Source: CCN; Type: BID-5176; MacOS X SoftwareUpdate Arbitrary Package Installation Vulnerability
- Source: CCN; Type: AppleCare Knowledge Base Document 75304; Security Update 7-12-02: Information and Download
Vulnerable Configuration: Configuration 1: Configuration CCN 1: