ID CVE-2009-0013
Summary dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
apple APPLE-SA-2009-02-12
bid
  • 33759
  • 33815
confirm http://support.apple.com/kb/HT3438
sectrack 1021722
secunia 33937
vupen ADV-2009-0422
xf macosx-dstools-information-disclosure(48717)
Last major update 08-08-2017 - 01:33
Published 13-02-2009 - 00:30
Last modified 08-08-2017 - 01:33
Back to Top