Executive Summary
Summary | |
---|---|
Title | Apple Mac OS X file sharing allows authenticated remote access to files and directories |
Informations | |||
---|---|---|---|
Name | VU#126787 | First vendor Publication | 2008-09-15 |
Vendor | VU-CERT | Last vendor Modification | 2008-10-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#126787Apple Mac OS X file sharing allows authenticated remote access to files and directoriesOverviewApple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing.I. DescriptionApple Mac OS X Leopard (10.5.x) allows files and directories to be shared via a "Shared Folders" feature. OS X lists the folders that are shared using this feature, however the list is incomplete. An authenticated user can access his home directory remotely, and an authenticated administrator can remotely access the entire hard drive.II. ImpactA system that is configured with Shared Folders enabled may be exposing more files and directories than expected.III. SolutionApply an updateThis issue is addressed in Apple Mac OS X 10.5.5. This update causes OS X to more accurately explain which files and directories are shared. Please see the Apple Advisory for more details.
References
Thanks to Russ Andersson for reporting this vulnerability. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/126787 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48236 | Apple Mac OS X File Sharing Home Directory Permission Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO |