Sign-up

ID

VAR-200311-0053


CVE

CVE-2003-0881


TITLE

Mac OS X Permission leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200311-003

DESCRIPTION

Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password. Mail in versions prior to Mac OS X 10.3 is vulnerable

Trust: 1.26

sources: NVD: CVE-2003-0881 // BID: 87748 // VULHUB: VHN-7706

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.3

Trust: 0.3

sources: BID: 87748 // CNNVD: CNNVD-200311-003 // NVD: CVE-2003-0881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0881
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200311-003
value: HIGH

Trust: 0.6

VULHUB: VHN-7706
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0881
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7706
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7706 // CNNVD: CNNVD-200311-003 // NVD: CVE-2003-0881

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0881

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200311-003

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200311-003

EXTERNAL IDS

db:NVDid:CVE-2003-0881

Trust: 2.0

db:CNNVDid:CNNVD-200311-003

Trust: 0.7

db:BIDid:87748

Trust: 0.4

db:VULHUBid:VHN-7706

Trust: 0.1

sources: VULHUB: VHN-7706 // BID: 87748 // CNNVD: CNNVD-200311-003 // NVD: CVE-2003-0881

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 2.0

url:http://lists.apple.com/mhonarc/security-announce/msg00038.html

Trust: 2.0

sources: VULHUB: VHN-7706 // BID: 87748 // CNNVD: CNNVD-200311-003 // NVD: CVE-2003-0881

CREDITS

Unknown

Trust: 0.3

sources: BID: 87748

SOURCES

db:VULHUBid:VHN-7706
db:BIDid:87748
db:CNNVDid:CNNVD-200311-003
db:NVDid:CVE-2003-0881

LAST UPDATE DATE

2024-08-14T13:51:18.400000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-7706date:2008-09-05T00:00:00
db:BIDid:87748date:2003-11-03T00:00:00
db:CNNVDid:CNNVD-200311-003date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0881date:2008-09-05T20:35:30.327

SOURCES RELEASE DATE

db:VULHUBid:VHN-7706date:2003-11-03T00:00:00
db:BIDid:87748date:2003-11-03T00:00:00
db:CNNVDid:CNNVD-200311-003date:2003-11-03T00:00:00
db:NVDid:CVE-2003-0881date:2003-11-03T05:00:00