ID

VAR-199911-0013


CVE

CVE-1999-1077


TITLE

apple's  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-1999-000070

DESCRIPTION

Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. apple's macOS Exists in unspecified vulnerabilities.None. Under MacOS the key combination CMD-PWR (Command key + Power Key) or the programmer's switch (on models that have one) will start up the micro-debugger or an assembly debugger such as MacsBug. This behavior occurs even while the screen is locked after the user becoming idle. This allows a user to drop into the debugger and kill the screen lock process and obtain access to the desktop. There is a vulnerability in the idle lock function in the MacOS 9 version

Trust: 1.98

sources: NVD: CVE-1999-1077 // JVNDB: JVNDB-1999-000070 // BID: 756 // VULHUB: VHN-1058

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:9

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:9

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:9

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:99.0

Trust: 0.3

sources: BID: 756 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1077
value: MEDIUM

Trust: 1.0

NVD: CVE-1999-1077
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-199911-001
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1058
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1077
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-1058
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1058 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-1999-000070 // NVD: CVE-1999-1077

THREAT TYPE

local

Trust: 0.9

sources: BID: 756 // CNNVD: CNNVD-199911-001

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199911-001

PATCH

title:Reurl:http://marc.info/?l=bugtraq&m=94149318124548&w=2

Trust: 0.8

sources: JVNDB: JVNDB-1999-000070

EXTERNAL IDS

db:NVDid:CVE-1999-1077

Trust: 3.6

db:BIDid:756

Trust: 2.8

db:JVNDBid:JVNDB-1999-000070

Trust: 0.8

db:CNNVDid:CNNVD-199911-001

Trust: 0.7

db:VULHUBid:VHN-1058

Trust: 0.1

sources: VULHUB: VHN-1058 // BID: 756 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

REFERENCES

url:http://www.securityfocus.com/bid/756

Trust: 3.5

url:http://marc.info/?l=bugtraq&m=94149318124548&w=2

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-1999-1077

Trust: 0.8

url:http://marc.info/?l=bugtraq&m=94149318124548&w=2

Trust: 0.1

sources: VULHUB: VHN-1058 // JVNDB: JVNDB-1999-000070 // CNNVD: CNNVD-199911-001 // NVD: CVE-1999-1077

CREDITS

This vulnerability was published by Zachary Keane <ZacharyKeane@telebot.com>.

Trust: 0.9

sources: BID: 756 // CNNVD: CNNVD-199911-001

SOURCES

db:VULHUBid:VHN-1058
db:BIDid:756
db:JVNDBid:JVNDB-1999-000070
db:CNNVDid:CNNVD-199911-001
db:NVDid:CVE-1999-1077

LAST UPDATE DATE

2024-11-22T23:03:22.864000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1058date:2016-10-18T00:00:00
db:BIDid:756date:2009-07-11T00:56:00
db:JVNDBid:JVNDB-1999-000070date:2024-05-13T02:36:00
db:CNNVDid:CNNVD-199911-001date:2021-09-23T00:00:00
db:NVDid:CVE-1999-1077date:2024-11-20T23:30:14.437

SOURCES RELEASE DATE

db:VULHUBid:VHN-1058date:1999-11-01T00:00:00
db:BIDid:756date:1999-11-01T00:00:00
db:JVNDBid:JVNDB-1999-000070date:2024-05-13T00:00:00
db:CNNVDid:CNNVD-199911-001date:1999-11-01T00:00:00
db:NVDid:CVE-1999-1077date:1999-11-01T05:00:00