Details of VAR-199910-0007

ID

VAR-199910-0007

CVE

CVE-1999-1076

TITLE

apple's macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-1999-000073

DESCRIPTION

Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. apple's macOS Exists in unspecified vulnerabilities.None. MacOS 9 includes an idle-activated console lock feature, similar to a screensaver password in other operating systems. After a certain length of user inactivity, a dialog box appears stating that a password must be entered. After the user clicks 'OK' another dialog box appears offering the option to either supply a password or to log out the current user. If the 'log out' option is chosen, any programs running will start to shut down. In certain programs, dialog boxes are created in the shutdown process (for example, "Exit without saving? OK/Cancel"). If the user selects 'Cancel', the shutdown process is aborted and the user is returned to the current session without ever having to enter a password. There is a vulnerability in the Idle locking function in the MacOS 9 version

Trust: 1.98

sources: NVD: CVE-1999-1076 // JVNDB: JVNDB-1999-000073 // BID: 745 // VULHUB: VHN-1057

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	eq	version:	9	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	9	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	9	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	99.0	Trust: 0.3

sources: BID: 745 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1076
value:	MEDIUM
Trust: 1.0
NVD:	CVE-1999-1076
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-199910-047
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-1057
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-1999-1076
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-1057
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1057 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-1999-000073 // NVD: CVE-1999-1076

THREAT TYPE

local

Trust: 0.9

sources: BID: 745 // CNNVD: CNNVD-199910-047

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199910-047

PATCH

title:

Mac OS 9 Idle Lock Bug

url:

https://marc.info/?l=bugtraq&m=94096348604173&w=2

Trust: 0.8

sources: JVNDB: JVNDB-1999-000073

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1076	Trust: 3.6
db:	BID	id:	745	Trust: 2.0
db:	JVNDB	id:	JVNDB-1999-000073	Trust: 0.8
db:	CNNVD	id:	CNNVD-199910-047	Trust: 0.7
db:	VULHUB	id:	VHN-1057	Trust: 0.1

sources: VULHUB: VHN-1057 // BID: 745 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

REFERENCES

url:	http://www.securityfocus.com/bid/745	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=94096348604173&w=2	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-1999-1076	Trust: 0.8
url:	http://marc.info/?l=bugtraq&m=94096348604173&w=2	Trust: 0.1

sources: VULHUB: VHN-1057 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

CREDITS

Posted to Bugtraq by Sean Sosik-Hamor <ssh@shn.nu> on October 26, 1999.

Trust: 0.9

sources: BID: 745 // CNNVD: CNNVD-199910-047

SOURCES

db:	VULHUB	id:	VHN-1057
db:	BID	id:	745
db:	JVNDB	id:	JVNDB-1999-000073
db:	CNNVD	id:	CNNVD-199910-047
db:	NVD	id:	CVE-1999-1076

LAST UPDATE DATE

2024-08-14T14:48:22.281000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1057	date:	2016-10-18T00:00:00
db:	BID	id:	745	date:	2009-07-11T00:56:00
db:	JVNDB	id:	JVNDB-1999-000073	date:	2024-05-13T02:43:00
db:	CNNVD	id:	CNNVD-199910-047	date:	2021-09-23T00:00:00
db:	NVD	id:	CVE-1999-1076	date:	2021-09-22T14:22:24.290

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1057	date:	1999-10-26T00:00:00
db:	BID	id:	745	date:	1999-10-26T00:00:00
db:	JVNDB	id:	JVNDB-1999-000073	date:	2024-05-13T00:00:00
db:	CNNVD	id:	CNNVD-199910-047	date:	1999-10-26T00:00:00
db:	NVD	id:	CVE-1999-1076	date:	1999-10-26T04:00:00