cvelistv5 - cve-2010-4011

CVE-2010-4011 (GCVE-0-2010-4011)

Vulnerability from cvelistv5

Published

2010-11-16 23:00

Modified

2024-09-17 00:45

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-7mf7-jpv7-pq9x

Vulnerability from github

Published

2022-05-17 05:46

Modified

2022-05-17 05:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-17T01:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\"",
  "id": "GHSA-7mf7-jpv7-pq9x",
  "modified": "2022-05-17T05:46:00Z",
  "published": "2022-05-17T05:46:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4011"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4452"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Une vulnérabilité dans l'implémentation du serveur de messagerie Dovecot sur le système d'exploitation Mac OS X Server pourrait permettre à un utilisateur la lecture de messages qui ne lui sont pas destinés.

Description

Une vulnérabilité dans la gestion de la mémoire par le serveur de messagerie Dovecot sur le système d'exploitation Mac OS X Server pourrait permettre à un utilisateur malintentionné la lecture de messages d'autres utilisateurs.

Solution

Installer la version 10H575 de Mac OS X 10.6.5. Se référer au bulletin de sécurité de l'éditeur (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Mac OS X 10.6.0 à 10.6.5(version 10H574).

References

Title

Publication Time

fkie_cve-2010-4011

Vulnerability from fkie_nvd

Published

2010-11-17 01:00

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4452	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4452	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x_server	10.6.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.5:10h574:*:*:*:*:*:*",
              "matchCriteriaId": "D5D2B605-7453-4067-8A12-D353DA17545B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\""
    },
    {
      "lang": "es",
      "value": "Dovecot para Apple Mac OS X v10.6.5 10H574 no maneja adecuadamente la memoria para nombres de usuario, lo que permite a usuarios autenticados remotamente leer correos electr\u00f3nicos privados de otras personas en circunstancias oportunas a trav\u00e9s de clientes de correo electr\u00f3nico estandar accediendo al buz\u00f3n de correo de un usuario, relacionado con un \"fallo de enlazado de memoria\""
    }
  ],
  "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html\r\n\r\n\u0027Dovecot is only provided with Mac OS X Server systems. This issue only affects systems running Mac OS X Server v10.6.5 (10H574). This issue does not affect the Dovecot open source project.\u0027",
  "id": "CVE-2010-4011",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-11-17T01:00:03.090",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4452"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201011-0021

Vulnerability from variot

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue.". Apple Mac OS X is prone to a remote memory-corruption vulnerability that affects Dovecot. Successful exploits may allow attackers to obtain email that was intended for other recipients. This issue affects Mac OS X Server 10.6 to 10.6.5. On systems where Dovecot is configured as a mail server, users may receive mail belonging to other users

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0021",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.5 (10h574)"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "44874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "44874"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2010-4011",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2010-4011",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-46616",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-4011",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-4011",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-191",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46616",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\". Apple Mac OS X is prone to a remote memory-corruption vulnerability that affects Dovecot. \nSuccessful exploits may allow attackers to obtain email that was intended for other recipients. \nThis issue affects Mac OS X Server   10.6 to 10.6.5. On systems where Dovecot is configured as a mail server, users may receive mail belonging to other users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "BID",
        "id": "44874"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-4011",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-11-15-1",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "16011",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "44874",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-46616",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "db": "BID",
        "id": "44874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "id": "VAR-201011-0021",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:56:51.431000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4452",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4452"
      },
      {
        "title": "HT4452",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4452?viewlocale=ja_JP"
      },
      {
        "title": "MacOSXUpd10.6.5",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35124"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht4452"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00001.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4011"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4011"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/16011"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "db": "BID",
        "id": "44874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "db": "BID",
        "id": "44874"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "date": "2010-11-15T00:00:00",
        "db": "BID",
        "id": "44874"
      },
      {
        "date": "2010-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "date": "2010-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "date": "2010-11-17T01:00:03.090000",
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46616"
      },
      {
        "date": "2010-11-15T00:00:00",
        "db": "BID",
        "id": "44874"
      },
      {
        "date": "2010-12-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      },
      {
        "date": "2010-11-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      },
      {
        "date": "2024-11-21T01:20:04.010000",
        "db": "NVD",
        "id": "CVE-2010-4011"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  Dovecot Vulnerable to reading email",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002469"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-191"
      }
    ],
    "trust": 0.6
  }
}

gsd-2010-4011

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-4011

Aliases

CVE-2010-4011

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4011",
    "description": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\"",
    "id": "GSD-2010-4011"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4011"
      ],
      "details": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\"",
      "id": "GSD-2010-4011",
      "modified": "2023-12-13T01:21:29.677496Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-4011",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT4452",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4452"
          },
          {
            "name": "APPLE-SA-2010-11-15-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.5:10h574:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-4011"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user\u0027s own mailbox, related to a \"memory aliasing issue.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-11-15-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4452",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4452"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2010-11-17T05:00Z",
      "publishedDate": "2010-11-17T01:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-4011 (GCVE-0-2010-4011)

Vulnerability from cvelistv5

ghsa-7mf7-jpv7-pq9x

Vulnerability from github

CERTA-2010-AVI-557

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2010-4011

Vulnerability from fkie_nvd

var-201011-0021

Vulnerability from variot

gsd-2010-4011

Vulnerability from gsd

Tags

Sightings

Nomenclature