ID

VAR-200412-0025


CVE

CVE-2004-0824


TITLE

Apple PPPDialer Unsafe log file creation symbolic link vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-633

DESCRIPTION

PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files. The Apple PPPDialer utility is reported to contain an insecure log file creation vulnerability: the application creates its log files in a world-writable location. A local attacker may be able to exploit this to carry out symbolic link file overwrite attacks. Privilege escalation may be possible with this method if the attacker can control the data that is written to the target file. PPPDialer for Mac OS X versions 10.2.8 through 10.3.5 is vulnerable.

Trust: 1.26

sources: NVD: CVE-2004-0824 // BID: 11139 // VULHUB: VHN-9254

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.3.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.2.8

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.5

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3

Trust: 1.6

vendor: apple, model: mac os server, scope: eq, version: x10.3.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.2.8

Trust: 0.3

sources: BID: 11139 // CNNVD: CNNVD-200412-633 // NVD: CVE-2004-0824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0824
value: LOW

Trust: 1.0

CNNVD: CNNVD-200412-633
value: LOW

Trust: 0.6

VULHUB: VHN-9254
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2004-0824
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9254
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9254 // CNNVD: CNNVD-200412-633 // NVD: CVE-2004-0824

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0824

THREAT TYPE

local

Trust: 0.9

sources: BID: 11139 // CNNVD: CNNVD-200412-633

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200412-633

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-9254

EXTERNAL IDS

db: NVD, id: CVE-2004-0824

Trust: 2.0

db: BID, id: 11139

Trust: 2.0

db: AUSCERT, id: ESB-2004.0559

Trust: 1.7

db: SECTRACK, id: 1011175

Trust: 1.7

db: CNNVD, id: CNNVD-200412-633

Trust: 0.7

db: APPLE, id: APPLE-SA-2004-09-07

Trust: 0.6

db: CIAC, id: O-212

Trust: 0.6

db: XF, id: 17298

Trust: 0.6

db: EXPLOIT-DB, id: 367

Trust: 0.1

db: VULHUB, id: VHN-9254

Trust: 0.1

sources: VULHUB: VHN-9254 // BID: 11139 // CNNVD: CNNVD-200412-633 // NVD: CVE-2004-0824

REFERENCES

url:http://www.securityfocus.com/advisories/7148

Trust: 1.7

url:http://www.auscert.org.au/render.html?it=4363

Trust: 1.7

url:http://www.securityfocus.com/bid/11139

Trust: 1.7

url:http://www.ciac.org/ciac/bulletins/o-212.shtml

Trust: 1.7

url:http://securitytracker.com/id?1011175

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17298

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/17298

Trust: 0.6

sources: VULHUB: VHN-9254 // CNNVD: CNNVD-200412-633 // NVD: CVE-2004-0824

CREDITS

This vulnerability was announced in a vendor advisory.

Trust: 0.9

sources: BID: 11139 // CNNVD: CNNVD-200412-633

SOURCES

db: VULHUB, id: VHN-9254
db: BID, id: 11139
db: CNNVD, id: CNNVD-200412-633
db: NVD, id: CVE-2004-0824

LAST UPDATE DATE

2024-08-14T12:17:53.893000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-9254, date: 2017-07-11T00:00:00
db: BID, id: 11139, date: 2009-07-12T07:06:00
db: CNNVD, id: CNNVD-200412-633, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-0824, date: 2017-07-11T01:30:30.463

SOURCES RELEASE DATE

db: VULHUB, id: VHN-9254, date: 2004-12-31T00:00:00
db: BID, id: 11139, date: 2004-09-07T00:00:00
db: CNNVD, id: CNNVD-200412-633, date: 2004-12-31T00:00:00
db: NVD, id: CVE-2004-0824, date: 2004-12-31T05:00:00