CERTA-2004-AVI-001

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Plusieurs vulnérabilités ont été découvertes dans les versions MacOS 10.2.8 (Jaguar) et MacOS 10.3.2 (Panther). Elles permettent notamment à un utilisateur local mal intentionné d'élever ses privilèges et d'exécuter du code arbitraire. Elles permettent également à un utilisateur distant d'effectuer un déni de service sur SSL.

Solution

Appliquer le correctif fourni par Apple.

La mise à jour automatique des logiciels (software update) installera automatiquement le correctif correspondant à la version de MacOS X.

Les correctifs peuvent être également téléchargés sur le site d'Apple :

  • pour MacOS 10.2.8 (Jaguar)

    http://docs.info.apple.com/article.html?artnum=120291

  • MacOS 10.3.2 (Panther)

    http://docs.info.apple.com/article.html?artnum=120292

    .

None
Impacted products
Vendor Product Description
Apple macOS MacOS 10.2.8 (Jaguar) ;
Apple macOS MacOS 10.3.2 (Panther).
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MacOS 10.2.8 (Jaguar) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS 10.3.2 (Panther).",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les versions MacOS\n10.2.8 (Jaguar) et MacOS 10.3.2 (Panther). Elles permettent notamment \u00e0\nun utilisateur local mal intentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges et\nd\u0027ex\u00e9cuter du code arbitraire. Elles permettent \u00e9galement \u00e0 un\nutilisateur distant d\u0027effectuer un d\u00e9ni de service sur SSL.\n\n## Solution\n\nAppliquer le correctif fourni par Apple.\n\nLa mise \u00e0 jour automatique des logiciels (software update) installera\nautomatiquement le correctif correspondant \u00e0 la version de MacOS X.\n\nLes correctifs peuvent \u00eatre \u00e9galement t\u00e9l\u00e9charg\u00e9s sur le site d\u0027Apple :\n\n-   pour MacOS 10.2.8 (Jaguar)\n\n        http://docs.info.apple.com/article.html?artnum=120291\n\n-   MacOS 10.3.2 (Panther)\n\n        http://docs.info.apple.com/article.html?artnum=120292\n\n    .\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Apple :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    }
  ],
  "reference": "CERTA-2004-AVI-001",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-01-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Apple du 22-12-2003",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.