ID

VAR-199910-0007


CVE

CVE-1999-1076


TITLE

apple's  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-1999-000073

DESCRIPTION

Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. apple's macOS Exists in unspecified vulnerabilities.None. MacOS 9 includes an idle-activated console lock feature, similar to a screensaver password in other operating systems. After a certain length of user inactivity, a dialog box appears stating that a password must be entered. After the user clicks 'OK' another dialog box appears offering the option to either supply a password or to log out the current user. If the 'log out' option is chosen, any programs running will start to shut down. In certain programs, dialog boxes are created in the shutdown process (for example, "Exit without saving? OK/Cancel"). If the user selects 'Cancel', the shutdown process is aborted and the user is returned to the current session without ever having to enter a password. There is a vulnerability in the Idle locking function in the MacOS 9 version

Trust: 1.98

sources: NVD: CVE-1999-1076 // JVNDB: JVNDB-1999-000073 // BID: 745 // VULHUB: VHN-1057

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:9

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:9

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:9

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:99.0

Trust: 0.3

sources: BID: 745 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1076
value: MEDIUM

Trust: 1.0

NVD: CVE-1999-1076
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-199910-047
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1057
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1076
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-1057
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1057 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-1999-000073 // NVD: CVE-1999-1076

THREAT TYPE

local

Trust: 0.9

sources: BID: 745 // CNNVD: CNNVD-199910-047

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199910-047

PATCH

title:Mac OS 9 Idle Lock Bugurl:https://marc.info/?l=bugtraq&m=94096348604173&w=2

Trust: 0.8

sources: JVNDB: JVNDB-1999-000073

EXTERNAL IDS

db:NVDid:CVE-1999-1076

Trust: 3.6

db:BIDid:745

Trust: 2.0

db:JVNDBid:JVNDB-1999-000073

Trust: 0.8

db:CNNVDid:CNNVD-199910-047

Trust: 0.7

db:VULHUBid:VHN-1057

Trust: 0.1

sources: VULHUB: VHN-1057 // BID: 745 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

REFERENCES

url:http://www.securityfocus.com/bid/745

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=94096348604173&w=2

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-1999-1076

Trust: 0.8

url:http://marc.info/?l=bugtraq&m=94096348604173&w=2

Trust: 0.1

sources: VULHUB: VHN-1057 // JVNDB: JVNDB-1999-000073 // CNNVD: CNNVD-199910-047 // NVD: CVE-1999-1076

CREDITS

Posted to Bugtraq by Sean Sosik-Hamor <ssh@shn.nu> on October 26, 1999.

Trust: 0.9

sources: BID: 745 // CNNVD: CNNVD-199910-047

SOURCES

db:VULHUBid:VHN-1057
db:BIDid:745
db:JVNDBid:JVNDB-1999-000073
db:CNNVDid:CNNVD-199910-047
db:NVDid:CVE-1999-1076

LAST UPDATE DATE

2024-11-22T23:12:12.613000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1057date:2016-10-18T00:00:00
db:BIDid:745date:2009-07-11T00:56:00
db:JVNDBid:JVNDB-1999-000073date:2024-05-13T02:43:00
db:CNNVDid:CNNVD-199910-047date:2021-09-23T00:00:00
db:NVDid:CVE-1999-1076date:2024-11-20T23:30:14.257

SOURCES RELEASE DATE

db:VULHUBid:VHN-1057date:1999-10-26T00:00:00
db:BIDid:745date:1999-10-26T00:00:00
db:JVNDBid:JVNDB-1999-000073date:2024-05-13T00:00:00
db:CNNVDid:CNNVD-199910-047date:1999-10-26T00:00:00
db:NVDid:CVE-1999-1076date:1999-10-26T04:00:00