Details of VAR-200311-0048

ID

VAR-200311-0048

CVE

CVE-2003-0876

TITLE

Apple Mac OS X Unsafe file permissions vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200311-014

DESCRIPTION

Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. These issues may cumulatively allow an attacker to cause denial of service, arbitrary code execution, privilege escalation and unauthorized access. There are multiple instances in Apple Mac OS X where files are installed or created with insecure permissions or inappropriate permissions. This could permit local attackers to modify sensitive files or potentially even replace binaries, which could then be executed by another user. Mac OS X is an operating system used on Mac machines, based on the BSD system. The same happens when dragging a folder into a mounted DMG. This reset only occurs on directories, not file permissions. Because these directories contain applications, an attacker can overwrite any application with a Trojan horse. When executed by other high-privilege users, it will lead to privilege escalation. World-writable files include: - Application and supporting executables. - Directory - Shared Objects - Configuration Files - HTML and JavaScript These files mostly exist in the following directories: -/Applications -/Library/Application Support -/Library/StartupItems

Trust: 1.53

sources: NVD: CVE-2003-0876 // BID: 8917 // BID: 8916 // VULHUB: VHN-7701

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os	scope:	ne	version:	x10.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.0	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.6

sources: BID: 8917 // BID: 8916 // CNNVD: CNNVD-200311-014 // NVD: CVE-2003-0876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0876
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200311-014
value:	LOW
Trust: 0.6
VULHUB:	VHN-7701
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2003-0876
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7701
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7701 // CNNVD: CNNVD-200311-014 // NVD: CVE-2003-0876

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0876

THREAT TYPE

local

Trust: 0.9

sources: BID: 8916 // CNNVD: CNNVD-200311-014

TYPE

Configuration Error

Trust: 0.9

sources: BID: 8916 // CNNVD: CNNVD-200311-014

EXTERNAL IDS

db:	BID	id:	8916	Trust: 2.0
db:	BID	id:	8917	Trust: 2.0
db:	NVD	id:	CVE-2003-0876	Trust: 2.0
db:	CNNVD	id:	CNNVD-200311-014	Trust: 0.7
db:	ATSTAKE	id:	A102803-1	Trust: 0.6
db:	XF	id:	13537	Trust: 0.6
db:	VULHUB	id:	VHN-7701	Trust: 0.1

sources: VULHUB: VHN-7701 // BID: 8917 // BID: 8916 // CNNVD: CNNVD-200311-014 // NVD: CVE-2003-0876

REFERENCES

url:	http://www.atstake.com/research/advisories/2003/a102803-1.txt	Trust: 1.7
url:	http://www.securityfocus.com/bid/8916	Trust: 1.7
url:	http://www.securityfocus.com/bid/8917	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13537	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/13537	Trust: 0.6
url:	/archive/1/342730	Trust: 0.3

sources: VULHUB: VHN-7701 // BID: 8917 // CNNVD: CNNVD-200311-014 // NVD: CVE-2003-0876

CREDITS

@stake

Trust: 0.6

sources: CNNVD: CNNVD-200311-014

SOURCES

db:	VULHUB	id:	VHN-7701
db:	BID	id:	8917
db:	BID	id:	8916
db:	CNNVD	id:	CNNVD-200311-014
db:	NVD	id:	CVE-2003-0876

LAST UPDATE DATE

2024-08-14T15:31:13.859000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7701	date:	2017-07-11T00:00:00
db:	BID	id:	8917	date:	2003-10-28T00:00:00
db:	BID	id:	8916	date:	2009-07-11T23:56:00
db:	CNNVD	id:	CNNVD-200311-014	date:	2006-03-28T00:00:00
db:	NVD	id:	CVE-2003-0876	date:	2017-07-11T01:29:37.743

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7701	date:	2003-11-03T00:00:00
db:	BID	id:	8917	date:	2003-10-28T00:00:00
db:	BID	id:	8916	date:	2003-10-28T00:00:00
db:	CNNVD	id:	CNNVD-200311-014	date:	2003-10-28T00:00:00
db:	NVD	id:	CVE-2003-0876	date:	2003-11-03T05:00:00