Details of VAR-200112-0107

ID

VAR-200112-0107

CVE

CVE-2001-1565

TITLE

Apple Mac OS X PPP Certificate Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-189

DESCRIPTION

Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command. An issue has been reported in Mac OS X which could disclose the authentication information for a PPP connection. If a user has established a PPP connection, executing a ps command will not only display the information about current processes running, but will disclose the PPP username and password for Internet Connect

Trust: 1.26

sources: NVD: CVE-2001-1565 // BID: 3753 // VULHUB: VHN-4366

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3

sources: BID: 3753 // CNNVD: CNNVD-200112-189 // NVD: CVE-2001-1565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1565
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200112-189
value:	LOW
Trust: 0.6
VULHUB:	VHN-4366
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2001-1565
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4366
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4366 // CNNVD: CNNVD-200112-189 // NVD: CVE-2001-1565

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1565

THREAT TYPE

local

Trust: 0.9

sources: BID: 3753 // CNNVD: CNNVD-200112-189

TYPE

Design Error

Trust: 0.9

sources: BID: 3753 // CNNVD: CNNVD-200112-189

EXTERNAL IDS

db:	BID	id:	3753	Trust: 2.0
db:	NVD	id:	CVE-2001-1565	Trust: 1.7
db:	CNNVD	id:	CNNVD-200112-189	Trust: 0.7
db:	XF	id:	7750	Trust: 0.6
db:	MLIST	id:	[MACSEC] 20011229 MACOSX PPP	Trust: 0.6
db:	VULHUB	id:	VHN-4366	Trust: 0.1

sources: VULHUB: VHN-4366 // BID: 3753 // CNNVD: CNNVD-200112-189 // NVD: CVE-2001-1565

REFERENCES

url:	http://www.securityfocus.com/bid/3753	Trust: 1.7
url:	http://www.macsecurity.org/pipermail/macsec/2001-december/000299.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/7750.php	Trust: 1.7
url:	http://www.macsecurity.org/pipermail/macsec/2001-december/000295.html	Trust: 0.3

sources: VULHUB: VHN-4366 // BID: 3753 // CNNVD: CNNVD-200112-189 // NVD: CVE-2001-1565

CREDITS

Discovered by Loukas Kalenderidis <loukas@uow.edu.au>.

Trust: 0.9

sources: BID: 3753 // CNNVD: CNNVD-200112-189

SOURCES

db:	VULHUB	id:	VHN-4366
db:	BID	id:	3753
db:	CNNVD	id:	CNNVD-200112-189
db:	NVD	id:	CVE-2001-1565

LAST UPDATE DATE

2025-04-03T22:39:10.429000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4366	date:	2008-09-05T00:00:00
db:	BID	id:	3753	date:	2001-12-28T00:00:00
db:	CNNVD	id:	CNNVD-200112-189	date:	2006-01-27T00:00:00
db:	NVD	id:	CVE-2001-1565	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4366	date:	2001-12-31T00:00:00
db:	BID	id:	3753	date:	2001-12-28T00:00:00
db:	CNNVD	id:	CNNVD-200112-189	date:	2001-12-31T00:00:00
db:	NVD	id:	CVE-2001-1565	date:	2001-12-31T05:00:00