Details of VAR-201110-0429

ID

VAR-201110-0429

CVE

CVE-2011-3225

TITLE

Apple Mac OS X of SMB Vulnerability that bypasses browsing restrictions in file server components

Trust: 0.8

sources: JVNDB: JVNDB-2011-002512

DESCRIPTION

The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2011-006. The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity. These issues affect OS X prior to 10.7.2. An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive information. Apple has released updates to address these vulnerabilities. I. Apple has released updates to address these vulnerabilities. II. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. III. This advisory describes any known issues related to the updates and the specific impacts for each vulnerability. Administrators are encouraged to note these issues and impacts and test for any potentially adverse effects before wide-scale deployment. IV. Please send email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History October 13, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTpb8zj/GkGVXE7GMAQI21Af/SHWzIangqPW9vtuG/MQWSBMy9nG4wIZS DUEAWBEMPTKF3fLrIy6TVpRLN3q/q4dCYXzM4lec4IzKvEbV/bUyg15xEfYdxB0v s/vARGNwf7tjSbjo+PaHLuSZ1HLn/GLO3CXaf+ut/Kb8y9Fsir5klMgrCX/N0JkY dLoV9R6zGs1aQzmF9ULB1IQ2/lUkg6CGnyARh0prfhRFwKfu7NZXb8yz5ex68q6V NF6j9l+XK0Cl4K7R+0ESD4e47jLCg6iN175O8VzrlxiRvBRAyTaFycdMB4uSkmii xu8SqU2QFhsIJy8J+i1Bb6kuWkaxAnUbxO4tRrmXoqTXl9m0CtpnWA== =3Wp2 -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2011-3225 // JVNDB: JVNDB-2011-002512 // BID: 50085 // BID: 50144 // VULHUB: VHN-51170 // VULMON: CVE-2011-3225 // PACKETSTORM: 105790

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 and v10.7.1	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.7 and v10.7.1	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.7.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.7.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3

sources: BID: 50085 // BID: 50144 // JVNDB: JVNDB-2011-002512 // CNNVD: CNNVD-201110-320 // NVD: CVE-2011-3225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3225
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-3225
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201110-320
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51170
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-3225
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3225
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-51170
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51170 // VULMON: CVE-2011-3225 // JVNDB: JVNDB-2011-002512 // CNNVD: CNNVD-201110-320 // NVD: CVE-2011-3225

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-51170 // JVNDB: JVNDB-2011-002512 // NVD: CVE-2011-3225

THREAT TYPE

network

Trust: 0.6

sources: BID: 50085 // BID: 50144

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201110-320

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002512

PATCH

title:	HT5002	url:	http://support.apple.com/kb/HT5002	Trust: 0.8
title:	MacOSXUpd10.7.2	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40902	Trust: 0.6
title:	MacOSXServerUpd10.7.2	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40901	Trust: 0.6

sources: JVNDB: JVNDB-2011-002512 // CNNVD: CNNVD-201110-320

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3225	Trust: 3.2
db:	BID	id:	50085	Trust: 1.5
db:	OSVDB	id:	76376	Trust: 1.2
db:	USCERT	id:	TA11-286A	Trust: 0.9
db:	JVNDB	id:	JVNDB-2011-002512	Trust: 0.8
db:	CNNVD	id:	CNNVD-201110-320	Trust: 0.7
db:	SECUNIA	id:	46417	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2011-10-12-3	Trust: 0.6
db:	BID	id:	50144	Trust: 0.5
db:	VULHUB	id:	VHN-51170	Trust: 0.1
db:	VULMON	id:	CVE-2011-3225	Trust: 0.1
db:	PACKETSTORM	id:	105790	Trust: 0.1

sources: VULHUB: VHN-51170 // VULMON: CVE-2011-3225 // BID: 50085 // BID: 50144 // JVNDB: JVNDB-2011-002512 // PACKETSTORM: 105790 // CNNVD: CNNVD-201110-320 // NVD: CVE-2011-3225

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html	Trust: 1.8
url:	http://support.apple.com/kb/ht5002	Trust: 1.8
url:	http://www.securityfocus.com/bid/50085	Trust: 1.2
url:	http://osvdb.org/76376	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3225	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu971123	Trust: 0.8
url:	http://jvn.jp/cert/jvnta11-286a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3225	Trust: 0.8
url:	http://www.us-cert.gov/cas/techalerts/ta11-286a.html	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.6
url:	http://secunia.com/advisories/46417	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/50144	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta11-286a.html>	Trust: 0.1
url:	http://support.apple.com/kb/ht1338>	Trust: 0.1
url:	http://support.apple.com/kb/ht5002>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1

CREDITS

Anonymous, Apple, Will Dormann of the CERT/CC, Steven Michaud of Mozilla, Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, Stephen Creswell, Erling Ellingsen of Facebook, Clint Tseng of the University of Washington, Michael Kobb, Adam Kemp,

Trust: 0.3

sources: BID: 50085

SOURCES

db:	VULHUB	id:	VHN-51170
db:	VULMON	id:	CVE-2011-3225
db:	BID	id:	50085
db:	BID	id:	50144
db:	JVNDB	id:	JVNDB-2011-002512
db:	PACKETSTORM	id:	105790
db:	CNNVD	id:	CNNVD-201110-320
db:	NVD	id:	CVE-2011-3225

LAST UPDATE DATE

2024-11-23T20:20:26.365000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51170	date:	2012-01-14T00:00:00
db:	VULMON	id:	CVE-2011-3225	date:	2012-01-14T00:00:00
db:	BID	id:	50085	date:	2011-10-12T00:00:00
db:	BID	id:	50144	date:	2011-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-002512	date:	2011-10-26T00:00:00
db:	CNNVD	id:	CNNVD-201110-320	date:	2011-10-17T00:00:00
db:	NVD	id:	CVE-2011-3225	date:	2024-11-21T01:30:01.400

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51170	date:	2011-10-14T00:00:00
db:	VULMON	id:	CVE-2011-3225	date:	2011-10-14T00:00:00
db:	BID	id:	50085	date:	2011-10-12T00:00:00
db:	BID	id:	50144	date:	2011-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2011-002512	date:	2011-10-26T00:00:00
db:	PACKETSTORM	id:	105790	date:	2011-10-14T05:50:20
db:	CNNVD	id:	CNNVD-201110-320	date:	2011-10-17T00:00:00
db:	NVD	id:	CVE-2011-3225	date:	2011-10-14T10:55:09.167