Details of VAR-200110-0141

ID

VAR-200110-0141

CVE

CVE-2001-1447

TITLE

Mac OS X executes 'recent items' with privileges of foreground application

Trust: 0.8

sources: CERT/CC: VU#945747

DESCRIPTION

NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. As a result, an attacker can have arbitrary programs executed with root privileges. This problem is not exclusive to the 'Recent Items' list. The 'Services' menu is also prone to this issue. A vulnerability exists in NetInfo Manager for Mac OS X versions 10.0 through 10.1

Trust: 1.98

sources: NVD: CVE-2001-1447 // CERT/CC: VU#945747 // BID: 3439 // VULHUB: VHN-4251

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0.2	Trust: 1.6
vendor:	apple	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3

sources: CERT/CC: VU#945747 // BID: 3439 // CNNVD: CNNVD-200110-052 // NVD: CVE-2001-1447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1447
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#945747
value:	10.50
Trust: 0.8
CNNVD:	CNNVD-200110-052
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4251
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1447
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4251
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#945747 // VULHUB: VHN-4251 // CNNVD: CNNVD-200110-052 // NVD: CVE-2001-1447

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1447

THREAT TYPE

local

Trust: 0.9

sources: BID: 3439 // CNNVD: CNNVD-200110-052

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200110-052

EXTERNAL IDS

db:	BID	id:	3439	Trust: 2.8
db:	CERT/CC	id:	VU#945747	Trust: 2.5
db:	NVD	id:	CVE-2001-1447	Trust: 1.7
db:	CNNVD	id:	CNNVD-200110-052	Trust: 0.7
db:	BUGTRAQ	id:	20011017 MAC OS X SETUID ROOT SECURITY HOLE	Trust: 0.6
db:	BUGTRAQ	id:	20011017 RE: MAC OS X SETUID ROOT SECURITY HOLE	Trust: 0.6
db:	XF	id:	7303	Trust: 0.6
db:	CIAC	id:	M-007	Trust: 0.6
db:	VULHUB	id:	VHN-4251	Trust: 0.1

sources: CERT/CC: VU#945747 // VULHUB: VHN-4251 // BID: 3439 // CNNVD: CNNVD-200110-052 // NVD: CVE-2001-1447

REFERENCES

url:	http://www.securityfocus.com/bid/3439	Trust: 2.5
url:	http://www.ciac.org/ciac/bulletins/m-007.shtml	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2001-10/0121.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-10/0130.html	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/945747	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7303	Trust: 1.1
url:	http://www.stepwise.com/articles/admin/2001-10-15.01.html	Trust: 0.8
url:	http://www.apple.com/support/security/security_updates.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/7303	Trust: 0.6

sources: CERT/CC: VU#945747 // VULHUB: VHN-4251 // CNNVD: CNNVD-200110-052 // NVD: CVE-2001-1447

CREDITS

This vulnerability was submitted to BugTraq on October 17th, 2001 by rotaiv <rotaiv@biapo.com>.

Trust: 0.9

sources: BID: 3439 // CNNVD: CNNVD-200110-052

SOURCES

db:	CERT/CC	id:	VU#945747
db:	VULHUB	id:	VHN-4251
db:	BID	id:	3439
db:	CNNVD	id:	CNNVD-200110-052
db:	NVD	id:	CVE-2001-1447

LAST UPDATE DATE

2025-04-03T22:39:10.521000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#945747	date:	2001-11-05T00:00:00
db:	VULHUB	id:	VHN-4251	date:	2017-07-11T00:00:00
db:	BID	id:	3439	date:	2001-10-17T00:00:00
db:	CNNVD	id:	CNNVD-200110-052	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1447	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#945747	date:	2001-11-05T00:00:00
db:	VULHUB	id:	VHN-4251	date:	2001-10-17T00:00:00
db:	BID	id:	3439	date:	2001-10-17T00:00:00
db:	CNNVD	id:	CNNVD-200110-052	date:	2001-10-17T00:00:00
db:	NVD	id:	CVE-2001-1447	date:	2001-10-17T04:00:00