| Vulnerability Name: | CVE-2003-0877 (CCN-13542) |
| Assigned: | 2003-10-28 |
| Published: | 2003-10-28 |
| Updated: | 2017-07-11 |
| Summary: | Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
|
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | File Manipulation |
| References: | Source: CCN
Type: @stake, Inc. Security Advisory a102803-1
Mac OS X Arbitrary File Overwrite via Core Files
Source: MITRE
Type: CNA
CVE-2003-0877
Source: CCN
Type: Apple Computer, Inc. Web site
Apple - Mac OS X
Source: ATSTAKE
Type: Patch, Vendor Advisory
A102803-1
Source: CCN
Type: OSVDB ID: 7067
Apple Mac OS X Arbitrary File Overwrite via Core Files
Source: BID
Type: Vendor Advisory
8914
Source: CCN
Type: BID-8914
Apple Mac OS X Core File Symbolic Link Vulnerability
Source: BID
Type: UNKNOWN
8917
Source: CCN
Type: BID-8917
Apple Mac OS X Multiple Vulnerabilities
Source: XF
Type: UNKNOWN
macos-core-files-symlink(13542)
Source: XF
Type: UNKNOWN
macos-core-files-symlink(13542)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |