Details of VAR-200303-0096

ID

VAR-200303-0096

CVE

CVE-2003-0049

TITLE

Apple File protocol iDrive Administrator login vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-017

DESCRIPTION

Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. This may result in the disclosure of sensitive information if data is intercepted. Further details about this issue are not known at this time. This BID will be updated as further information becomes available. Remote attackers can use this vulnerability to obtain administrator authentication information by intercepting communication data. No detailed vulnerability details have been obtained so far

Trust: 1.26

sources: NVD: CVE-2003-0049 // BID: 6860 // VULHUB: VHN-6879

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.2.4	Trust: 0.3

sources: BID: 6860 // CNNVD: CNNVD-200303-017 // NVD: CVE-2003-0049

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0049
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200303-017
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6879
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0049
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6879
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6879 // CNNVD: CNNVD-200303-017 // NVD: CVE-2003-0049

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0049

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-017

TYPE

Configuration Error

Trust: 0.9

sources: BID: 6860 // CNNVD: CNNVD-200303-017

EXTERNAL IDS

db:	BID	id:	6860	Trust: 2.0
db:	NVD	id:	CVE-2003-0049	Trust: 2.0
db:	SECTRACK	id:	1006107	Trust: 1.7
db:	CNNVD	id:	CNNVD-200303-017	Trust: 0.7
db:	XF	id:	11333	Trust: 0.6
db:	VULHUB	id:	VHN-6879	Trust: 0.1

sources: VULHUB: VHN-6879 // BID: 6860 // CNNVD: CNNVD-200303-017 // NVD: CVE-2003-0049

REFERENCES

url:	http://www.securityfocus.com/bid/6860	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=61798	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt	Trust: 1.7
url:	http://securitytracker.com/id?1006107	Trust: 1.7
url:	http://www.iss.net/security_center/static/11333.php	Trust: 1.7
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3

sources: VULHUB: VHN-6879 // BID: 6860 // CNNVD: CNNVD-200303-017 // NVD: CVE-2003-0049

CREDITS

Apple Security Updates

Trust: 0.6

sources: CNNVD: CNNVD-200303-017

SOURCES

db:	VULHUB	id:	VHN-6879
db:	BID	id:	6860
db:	CNNVD	id:	CNNVD-200303-017
db:	NVD	id:	CVE-2003-0049

LAST UPDATE DATE

2024-08-14T15:09:56.828000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6879	date:	2008-09-11T00:00:00
db:	BID	id:	6860	date:	2009-07-11T20:06:00
db:	CNNVD	id:	CNNVD-200303-017	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0049	date:	2008-09-11T00:05:26.757

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6879	date:	2003-03-03T00:00:00
db:	BID	id:	6860	date:	2003-02-14T00:00:00
db:	CNNVD	id:	CNNVD-200303-017	date:	2003-02-14T00:00:00
db:	NVD	id:	CVE-2003-0049	date:	2003-03-03T05:00:00