ID

VAR-200112-0081


CVE

CVE-2001-0806


TITLE

Apple MacOS X Desktop Folder Access Control Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-043

DESCRIPTION

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

A vulnerability exists in versions of Apple MacOS X. Due to a misconfiguration of file permissions, the desktop folder belonging to a given user is by default world-readable/writable. If the folder's permissions are not manually reset, arbitrary users can read from and write to any files in this location. In addition to the potential loss of confidentiality and integrity of this data, if this folder contains security-sensitive information such as usernames, passwords or configuration information, a hostile user may be able to exploit it and further undermine the security of the host.

Note that some users have reported MacOS X 10.0.4 systems which do not exhibit this vulnerability. Etaoin Shrdlu <shrdlu@deaddrop.org> notes that this issue may be applicable to accounts created during the Mac OS X beta test period: "Sounds like the problem accounts were upgrades from beta versions. If you are running an upgrade from a beta, then you might want to take a second look. Fresh installs seem to be just fine."

An attempt has been made to fix this issue in MacOS X 10.1. This includes the admin account if permissions are not changed manually before the upgrade.

Trust: 1.26

sources: NVD: CVE-2001-0806 // BID: 2930 // VULHUB: VHN-3613

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.0.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.2

Trust: 1.6

vendor: apple, model: mac os, scope: eq, version: x10.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.0

Trust: 0.3

sources: BID: 2930 // CNNVD: CNNVD-200112-043 // NVD: CVE-2001-0806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0806
value: LOW

Trust: 1.0

CNNVD: CNNVD-200112-043
value: LOW

Trust: 0.6

VULHUB: VHN-3613
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2001-0806
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3613
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3613 // CNNVD: CNNVD-200112-043 // NVD: CVE-2001-0806

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0806

THREAT TYPE

local

Trust: 0.9

sources: BID: 2930 // CNNVD: CNNVD-200112-043

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200112-043

EXTERNAL IDS

db: BID, id: 2930

Trust: 2.0

db: OSVDB, id: 1882

Trust: 1.7

db: NVD, id: CVE-2001-0806

Trust: 1.7

db: CNNVD, id: CNNVD-200112-043

Trust: 0.7

db: BUGTRAQ, id: 20010704 RE: MACOSX 10.0.X PERMISSIONS UNCORRECTLY SET - I GOT IT

Trust: 0.6

db: BUGTRAQ, id: 20010626 MACOSX 10.0.X PERMISSIONS UNCORRECTLY SET

Trust: 0.6

db: BUGTRAQ, id: 20011007 OS X 10.1 AND LOCALIZED DESKTOP FOLDER STILL VULNERABLE

Trust: 0.6

db: XF, id: 6750

Trust: 0.6

db: VULHUB, id: VHN-3613

Trust: 0.1

sources: VULHUB: VHN-3613 // BID: 2930 // CNNVD: CNNVD-200112-043 // NVD: CVE-2001-0806

REFERENCES

url:http://www.securityfocus.com/bid/2930

Trust: 1.7

url:http://online.securityfocus.com/archive/1/219166

Trust: 1.7

url:http://www.osvdb.org/1882

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=99358249631139&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=99436289015729&w=2

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6750

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=99358249631139&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=99436289015729&w=2

Trust: 0.6

url:http://xforce.iss.net/static/6750.php

Trust: 0.6

sources: VULHUB: VHN-3613 // CNNVD: CNNVD-200112-043 // NVD: CVE-2001-0806

CREDITS

Reported to bugtraq by kangoo <kangoo@saga-city.com> on June 26, 2001.

Trust: 0.3

sources: BID: 2930

SOURCES

db: VULHUB, id: VHN-3613
db: BID, id: 2930
db: CNNVD, id: CNNVD-200112-043
db: NVD, id: CVE-2001-0806

LAST UPDATE DATE

2024-08-14T14:29:37.773000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-3613, date: 2017-10-10T00:00:00
db: BID, id: 2930, date: 2001-06-26T00:00:00
db: CNNVD, id: CNNVD-200112-043, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2001-0806, date: 2017-10-10T01:29:53.217

SOURCES RELEASE DATE

db: VULHUB, id: VHN-3613, date: 2001-12-06T00:00:00
db: BID, id: 2930, date: 2001-06-26T00:00:00
db: CNNVD, id: CNNVD-200112-043, date: 2001-12-06T00:00:00
db: NVD, id: CVE-2001-0806, date: 2001-12-06T05:00:00