Details of VAR-200412-0059

ID

VAR-200412-0059

CVE

CVE-2004-0622

TITLE

Apple Mac OS X Getting sensitive information vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200412-059

DESCRIPTION

Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory

Trust: 0.99

sources: NVD: CVE-2004-0622 // VULHUB: VHN-9052

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.4	Trust: 1.6

sources: CNNVD: CNNVD-200412-059 // NVD: CVE-2004-0622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0622
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200412-059
value:	LOW
Trust: 0.6
VULHUB:	VHN-9052
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2004-0622
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9052
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9052 // CNNVD: CNNVD-200412-059 // NVD: CVE-2004-0622

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0622

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200412-059

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200412-059

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0622	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-059	Trust: 0.7
db:	BUGTRAQ	id:	20040625 MAC OS X STORES LOGIN/KEYCHAIN/FILEVAULT PASSWORDS ON DISK	Trust: 0.6
db:	BUGTRAQ	id:	20080228 LOGINWINDOW.APP AND MAC OS X	Trust: 0.6
db:	BUGTRAQ	id:	20080229 RE: LOGINWINDOW.APP AND MAC OS X	Trust: 0.6
db:	XF	id:	16557	Trust: 0.6
db:	BID	id:	83190	Trust: 0.1
db:	VULHUB	id:	VHN-9052	Trust: 0.1

sources: VULHUB: VHN-9052 // CNNVD: CNNVD-200412-059 // NVD: CVE-2004-0622

REFERENCES

url:	http://citp.princeton.edu/pub/coldboot.pdf	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/488930/100/100/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/488948/100/100/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16557	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108819559925981&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/16557	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/488948/100/100/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/488930/100/100/threaded	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108819559925981&w=2	Trust: 0.6
url:	http://marc.info/?l=bugtraq&m=108819559925981&w=2	Trust: 0.1

sources: VULHUB: VHN-9052 // CNNVD: CNNVD-200412-059 // NVD: CVE-2004-0622

SOURCES

db:	VULHUB	id:	VHN-9052
db:	CNNVD	id:	CNNVD-200412-059
db:	NVD	id:	CVE-2004-0622

LAST UPDATE DATE

2024-08-14T14:59:24.875000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9052	date:	2018-10-19T00:00:00
db:	CNNVD	id:	CNNVD-200412-059	date:	2008-12-24T00:00:00
db:	NVD	id:	CVE-2004-0622	date:	2018-10-19T15:30:08.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9052	date:	2004-12-06T00:00:00
db:	CNNVD	id:	CNNVD-200412-059	date:	2004-12-06T00:00:00
db:	NVD	id:	CVE-2004-0622	date:	2004-12-06T05:00:00