Vulnerability Name: | CVE-2005-4217 (CCN-23561) | ||||||||
Assigned: | 2005-12-13 | ||||||||
Published: | 2005-12-13 | ||||||||
Updated: | 2017-07-20 | ||||||||
Summary: | Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-4217 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=303382 Source: APPLE Type: UNKNOWN APPLE-SA-2006-03-01 Source: CCN Type: SA17922 Mac OS X Perl "$<" Privilege Dropping Security Issue Source: SECUNIA Type: Vendor Advisory 17922 Source: CCN Type: SA19064 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 19064 Source: CCN Type: Apple Mac OS X Web site Apple - Support - Downloads - Security Update 2006-001 Mac OS X 10.4.5 (PPC) Source: OSVDB Type: UNKNOWN 21800 Source: CCN Type: OSVDB ID: 21800 Perl on Mac OS X $< Compile Time Privilege Escalation Issue Source: BID Type: UNKNOWN 15833 Source: CCN Type: BID-15833 Apple Mac OS X Perl Insecure Privilege Dropping Weakness Source: BID Type: UNKNOWN 16907 Source: CCN Type: BID-16907 Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities Source: CERT Type: US Government Resource TA06-062A Source: VUPEN Type: Vendor Advisory ADV-2005-2869 Source: VUPEN Type: Vendor Advisory ADV-2006-0791 Source: XF Type: UNKNOWN macos-perl-bypass-security(23561) Source: XF Type: UNKNOWN macos-perl-bypass-security(23561) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |