ID

VAR-200505-0225


CVE

CVE-2005-1472


TITLE

Apple Mac OS X Local file name information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-1129

DESCRIPTION

Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. Apple Mac OS X is susceptible to a local information disclosure vulnerability. This is due to a failure of the operating system to properly implement POSIX permissions checking in certain circumstances. This vulnerability allows local attackers to retrieve normally forbidden names contained in directories. This scenario is commonly used to obscure access to public directories (such as '~/Public/Drop Box') for security reasons, as users are required to have knowledge about already existing files contained in these directories to be able to access them.

Trust: 1.26

sources: NVD: CVE-2005-1472 // BID: 13695 // VULHUB: VHN-12681

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.4.1

Trust: 1.6

vendor: apple, model: mac os server, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.4.1

Trust: 0.3

sources: BID: 13695 // CNNVD: CNNVD-200505-1129 // NVD: CVE-2005-1472

CVSS

SEVERITY

nvd@nist.gov: CVE-2005-1472
value: LOW

Trust: 1.0

CNNVD: CNNVD-200505-1129
value: LOW

Trust: 0.6

VULHUB: VHN-12681
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2005-1472
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12681
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12681 // CNNVD: CNNVD-200505-1129 // NVD: CVE-2005-1472

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1472

THREAT TYPE

local

Trust: 0.9

sources: BID: 13695 // CNNVD: CNNVD-200505-1129

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200505-1129

EXTERNAL IDS

db: NVD, id: CVE-2005-1472

Trust: 2.0

db: CNNVD, id: CNNVD-200505-1129

Trust: 0.7

db: APPLE, id: APPLE-SA-2005-05-19

Trust: 0.6

db: BID, id: 13695

Trust: 0.4

db: VULHUB, id: VHN-12681

Trust: 0.1

sources: VULHUB: VHN-12681 // BID: 13695 // CNNVD: CNNVD-200505-1129 // NVD: CVE-2005-1472

REFERENCES

url: http://lists.apple.com/archives/security-announce/2005/may/msg00004.html

Trust: 1.7

url: http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url: http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-12681 // BID: 13695 // CNNVD: CNNVD-200505-1129 // NVD: CVE-2005-1472

CREDITS

John M. Glenn of San Francisco is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 13695 // CNNVD: CNNVD-200505-1129

SOURCES

db: VULHUB, id: VHN-12681
db: BID, id: 13695
db: CNNVD, id: CNNVD-200505-1129
db: NVD, id: CVE-2005-1472

LAST UPDATE DATE

2024-08-14T13:40:13.119000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-12681, date: 2008-09-05T00:00:00
db: BID, id: 13695, date: 2009-07-12T14:56:00
db: CNNVD, id: CNNVD-200505-1129, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-1472, date: 2008-09-05T20:49:15.810

SOURCES RELEASE DATE

db: VULHUB, id: VHN-12681, date: 2005-05-19T00:00:00
db: BID, id: 13695, date: 2005-05-20T00:00:00
db: CNNVD, id: CNNVD-200505-1129, date: 2005-05-19T00:00:00
db: NVD, id: CVE-2005-1472, date: 2005-05-19T04:00:00