Details of VAR-200502-0013

ID

VAR-200502-0013

CVE

CVE-2004-0962

TITLE

Apple Remote Desktop Client Local Privilege Escalation Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200502-043

DESCRIPTION

Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching. The issue is due to a design error that fails to activate applications with the correct privileges. This issue may allow a local attacker to gain superuser privileges on the affected computer. Vendor reports require Fast User Switching to be enabled to be affected by this vulnerability

Trust: 1.26

sources: NVD: CVE-2004-0962 // BID: 11554 // VULHUB: VHN-9392

AFFECTED PRODUCTS

vendor:	apple	model:	remote desktop	scope:	eq	version:	2.0.0	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	2.0	Trust: 0.9
vendor:	apple	model:	remote desktop	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	remote desktop	scope:	ne	version:	2.1	Trust: 0.3

sources: BID: 11554 // CNNVD: CNNVD-200502-043 // NVD: CVE-2004-0962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0962
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200502-043
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-9392
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0962
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9392
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9392 // CNNVD: CNNVD-200502-043 // NVD: CVE-2004-0962

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200502-043

TYPE

Design Error

Trust: 0.9

sources: BID: 11554 // CNNVD: CNNVD-200502-043

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0962	Trust: 2.0
db:	CNNVD	id:	CNNVD-200502-043	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-10-27	Trust: 0.6
db:	BID	id:	11554	Trust: 0.4
db:	VULHUB	id:	VHN-9392	Trust: 0.1

sources: VULHUB: VHN-9392 // BID: 11554 // CNNVD: CNNVD-200502-043 // NVD: CVE-2004-0962

REFERENCES

url:

http://lists.apple.com/archives/security-announce/2004/oct/msg00002.html

Trust: 1.7

sources: VULHUB: VHN-9392 // CNNVD: CNNVD-200502-043 // NVD: CVE-2004-0962

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200502-043

SOURCES

db:	VULHUB	id:	VHN-9392
db:	BID	id:	11554
db:	CNNVD	id:	CNNVD-200502-043
db:	NVD	id:	CVE-2004-0962

LAST UPDATE DATE

2024-08-14T13:03:43.567000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9392	date:	2018-10-30T00:00:00
db:	BID	id:	11554	date:	2009-07-12T08:06:00
db:	CNNVD	id:	CNNVD-200502-043	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0962	date:	2018-10-30T16:25:17.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9392	date:	2005-02-09T00:00:00
db:	BID	id:	11554	date:	2004-10-27T00:00:00
db:	CNNVD	id:	CNNVD-200502-043	date:	2004-10-27T00:00:00
db:	NVD	id:	CVE-2004-0962	date:	2005-02-09T05:00:00