cvelistv5 - cve-2008-4212

CVE-2008-4212 (GCVE-0-2008-4212)

Vulnerability from cvelistv5

Published

2008-10-10 10:00

Modified

2024-08-07 10:08

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2008-4212

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-4212

Aliases

CVE-2008-4212

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4212",
    "description": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.",
    "id": "GSD-2008-4212"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4212"
      ],
      "details": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.",
      "id": "GSD-2008-4212",
      "modified": "2023-12-13T01:22:59.321557Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4212",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "31708",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31708"
          },
          {
            "name": "1021028",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021028"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "macosx-rlogin-weak-security(45785)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4212"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "31708",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31708"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "1021028",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021028"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "macosx-rlogin-weak-security(45785)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2008-10-10T10:30Z"
    }
  }
}

fkie_cve-2008-4212

Vulnerability from fkie_nvd

Published

2008-10-10 10:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32222	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3216
cve@mitre.org	http://www.securityfocus.com/bid/31681	Patch
cve@mitre.org	http://www.securityfocus.com/bid/31708
cve@mitre.org	http://www.securitytracker.com/id?1021028
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2780
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45785
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31708
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021028
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45785

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.4.11
apple	mac_os_x	10.5.5
apple	mac_os_x_server	10.4.11
apple	mac_os_x_server	10.5.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C147E866-B80F-4FFA-BBE8-19E84A46DB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentaci\u00f3n se indica que podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso establecidas."
    }
  ],
  "id": "CVE-2008-4212",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-10T10:30:05.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31708"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021028"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of rsh-server packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\n\nThe glibcs ruserok function is used to check users authorization against rhosts files.  That implementation of ruserok never opens /etc/hosts.equiv for superuser.",
      "lastModified": "2008-10-25T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Attackers may be able to exploit this issue to log in as the root user via 'rlogind' without proper authentication from specific trusted hosts. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007. The security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues. NOTE: This BID is being retired; the following individual records have been created to better document these issues: 31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability 31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability 31708 Apple Mac OS X 'hosts.equiv' Security Bypass Vulnerability 31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability 31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability 31711 Apple Mac OS X 'configd' EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability 31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability 31720 Apple Finder Denial of Service Vulnerability 31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability 31688 CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability 31722 Apple Mac OS X 10.5 'launchd' Unspecified Security Bypass Vulnerability. The user manual for the configuration file hosts.equiv claims that items do not apply to root, but an implementation bug in rlogind causes these items to also apply to root.

Bist Du interessiert an einem neuen Job in IT-Sicherheit?

Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/

TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability

SECUNIA ADVISORY ID: SA15884

VERIFY ADVISORY: http://secunia.com/advisories/15884/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/

DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA15852

SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679

OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0393",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "drupal",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pear xml rpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpxmlrpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "postnuke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "serendipity",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wordpress",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "xoops",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpmyfaq",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.11"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "BID",
        "id": "31708"
      },
      {
        "db": "BID",
        "id": "31681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "regenrechtSergio AlvarezRalf Meyer",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-4212",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2008-4212",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-34337",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-4212",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#442845",
            "trust": 0.8,
            "value": "20.75"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-4212",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200810-167",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-34337",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. \nAttackers may be able to exploit this issue to log in as the root user via \u0027rlogind\u0027 without proper authentication from specific trusted hosts. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007. \nThe security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues. \nNOTE: This BID is being retired; the following individual records have been created to better document these issues:\n31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability\n31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability\n31708 Apple Mac OS X \u0027hosts.equiv\u0027 Security Bypass Vulnerability\n31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability\n31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability\n31711 Apple Mac OS X \u0027configd\u0027 EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability\n31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability\n31720 Apple Finder Denial of Service Vulnerability\n31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability\n31688 CUPS \u0027HP-GL/2\u0027 Filter Remote Code Execution Vulnerability\n31722 Apple Mac OS X 10.5 \u0027launchd\u0027 Unspecified Security Bypass Vulnerability. The user manual for the configuration file hosts.equiv claims that items do not apply to root, but an implementation bug in rlogind causes these items to also apply to root. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "BID",
        "id": "31708"
      },
      {
        "db": "BID",
        "id": "31681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-4212",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "31708",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "32222",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "31681",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2780",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1021028",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "45785",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "15884",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "15810",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15922",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15852",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15855",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15861",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15862",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15872",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15883",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15895",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "14088",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1014327",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819",
        "trust": 0.8
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-10-09",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-34337",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "38390",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "db": "BID",
        "id": "31708"
      },
      {
        "db": "BID",
        "id": "31681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "id": "VAR-200810-0393",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-29T21:52:18.125000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3216",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3216"
      },
      {
        "title": "HT3216",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3216?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-16",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/31708"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/32222"
      },
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht3216"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/31681"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1021028"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/2780"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/45785"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2780"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15884/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15852/"
      },
      {
        "trust": 0.8,
        "url": "http://www.hardened-php.net/advisory-022005.php"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15861/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15862/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15895/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15883/"
      },
      {
        "trust": 0.8,
        "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15855/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15810/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15872/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15922/"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/14088"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4212"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4212"
      },
      {
        "trust": 0.3,
        "url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "db": "BID",
        "id": "31708"
      },
      {
        "db": "BID",
        "id": "31681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "db": "BID",
        "id": "31708"
      },
      {
        "db": "BID",
        "id": "31681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-07-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2008-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "date": "2008-10-09T00:00:00",
        "db": "BID",
        "id": "31708"
      },
      {
        "date": "2008-10-09T00:00:00",
        "db": "BID",
        "id": "31681"
      },
      {
        "date": "2008-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "date": "2005-07-01T23:31:00",
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "date": "2007-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "date": "2008-10-10T10:30:05.137000",
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-34337"
      },
      {
        "date": "2008-10-15T16:17:00",
        "db": "BID",
        "id": "31708"
      },
      {
        "date": "2009-03-24T16:56:00",
        "db": "BID",
        "id": "31681"
      },
      {
        "date": "2008-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001819"
      },
      {
        "date": "2009-02-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      },
      {
        "date": "2024-11-21T00:51:10.903000",
        "db": "NVD",
        "id": "CVE-2008-4212"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "31708"
      },
      {
        "db": "BID",
        "id": "31681"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "configuration error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-167"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectant Apple Mac Os X permettent à une personne malveillante d'effectuer une exécution de code arbitraire, de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Elles permettent à une personne malintentionnée d'effectuer une exécution de code arbitraire , de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

ghsa-vq9m-ghf7-f8ph

Vulnerability from github

Published

2022-05-02 00:07

Modified

2022-05-02 00:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4212"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-10T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.",
  "id": "GHSA-vq9m-ghf7-f8ph",
  "modified": "2022-05-02T00:07:59Z",
  "published": "2022-05-02T00:07:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4212"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31708"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021028"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-4212 (GCVE-0-2008-4212)

Vulnerability from cvelistv5

gsd-2008-4212

Vulnerability from gsd

fkie_cve-2008-4212

Vulnerability from fkie_nvd

var-200810-0393

Vulnerability from variot

CERTA-2008-AVI-492

Vulnerability from certfr_avis

Description

Solution

ghsa-vq9m-ghf7-f8ph

Vulnerability from github

Tags

Sightings

Nomenclature