Details of VAR-199911-0013

ID

VAR-199911-0013

CVE

CVE-1999-1077

TITLE

apple's macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-1999-000070

DESCRIPTION

Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. apple's macOS Exists in unspecified vulnerabilities.None. Under MacOS the key combination CMD-PWR (Command key + Power Key) or the programmer's switch (on models that have one) will start up the micro-debugger or an assembly debugger such as MacsBug. This behavior occurs even while the screen is locked after the user becoming idle. This allows a user to drop into the debugger and kill the screen lock process and obtain access to the desktop. There is a vulnerability in the idle lock function in the MacOS 9 version

Trust: 1.98

sources: NVD: CVE-1999-1077 // JVNDB: JVNDB-1999-000070 // BID: 756 // VULHUB: VHN-1058

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	eq	version:	9	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	9	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	9	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	99.0	Trust: 0.3

sources: BID: 756 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1077
value:	MEDIUM
Trust: 1.0
NVD:	CVE-1999-1077
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-199911-001
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-1058
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-1999-1077
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-1058
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1058 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-1999-000070 // NVD: CVE-1999-1077

THREAT TYPE

local

Trust: 0.9

sources: BID: 756 // CNNVD: CNNVD-199911-001

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199911-001

PATCH

title:

url:

http://marc.info/?l=bugtraq&m=94149318124548&w=2

Trust: 0.8

sources: JVNDB: JVNDB-1999-000070

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1077	Trust: 3.6
db:	BID	id:	756	Trust: 2.8
db:	JVNDB	id:	JVNDB-1999-000070	Trust: 0.8
db:	CNNVD	id:	CNNVD-199911-001	Trust: 0.7
db:	VULHUB	id:	VHN-1058	Trust: 0.1

sources: VULHUB: VHN-1058 // BID: 756 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

REFERENCES

url:	http://www.securityfocus.com/bid/756	Trust: 2.5
url:	http://marc.info/?l=bugtraq&m=94149318124548&w=2	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-1999-1077	Trust: 0.8
url:	http://marc.info/?l=bugtraq&m=94149318124548&w=2	Trust: 0.1

sources: VULHUB: VHN-1058 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

CREDITS

This vulnerability was published by Zachary Keane <ZacharyKeane@telebot.com>.

Trust: 0.9

sources: BID: 756 // CNNVD: CNNVD-199911-001

SOURCES

db:	VULHUB	id:	VHN-1058
db:	BID	id:	756
db:	JVNDB	id:	JVNDB-1999-000070
db:	CNNVD	id:	CNNVD-199911-001
db:	NVD	id:	CVE-1999-1077

LAST UPDATE DATE

2024-08-14T13:40:50.572000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1058	date:	2016-10-18T00:00:00
db:	BID	id:	756	date:	2009-07-11T00:56:00
db:	JVNDB	id:	JVNDB-1999-000070	date:	2024-05-13T02:36:00
db:	CNNVD	id:	CNNVD-199911-001	date:	2021-09-23T00:00:00
db:	NVD	id:	CVE-1999-1077	date:	2021-09-22T14:22:24.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1058	date:	1999-11-01T00:00:00
db:	BID	id:	756	date:	1999-11-01T00:00:00
db:	JVNDB	id:	JVNDB-1999-000070	date:	2024-05-13T00:00:00
db:	CNNVD	id:	CNNVD-199911-001	date:	1999-11-01T00:00:00
db:	NVD	id:	CVE-1999-1077	date:	1999-11-01T05:00:00