Sign-up

ID

VAR-200212-0329


CVE

CVE-2002-1898


TITLE

Apple Mac OS X Terminal.APP Telnet Connect local command execution vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-702

DESCRIPTION

Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. Mac OS X is the BSD-based operating system distributed and maintained by Apple. It has been discovered that some types of links, when clicked on, may result in the execution of arbitrary commands. Due to the improper handling of some links, a user clicking on a link containing special characters and embedded commands could cause the execution of the commands in the link to be carried out in a terminal.app window. These commands would be executed in the security context of the user. Because Mac OS X does not properly check the content of some connection types, a local attacker can exploit this vulnerability to elevate privileges

Trust: 1.26

sources: NVD: CVE-2002-1898 // BID: 5768 // VULHUB: VHN-6281

AFFECTED PRODUCTS

vendor:applemodel:terminalscope:ltversion:1.3.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

sources: BID: 5768 // CNNVD: CNNVD-200212-702 // NVD: CVE-2002-1898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1898
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200212-702
value: HIGH

Trust: 0.6

VULHUB: VHN-6281
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1898
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6281
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6281 // CNNVD: CNNVD-200212-702 // NVD: CVE-2002-1898

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2002-1898

THREAT TYPE

local

Trust: 0.9

sources: BID: 5768 // CNNVD: CNNVD-200212-702

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200212-702

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-6281

EXTERNAL IDS
db:BIDid:5768
Trust: 2.0
db:NVDid:CVE-2002-1898
Trust: 1.7
db:NSFOCUSid:3585
Trust: 0.6
db:APPLEid:2002-09-20
Trust: 0.6
db:XFid:10156
Trust: 0.6
db:CNNVDid:CNNVD-200212-702
Trust: 0.6
db:SEEBUGid:SSVID-75636
Trust: 0.1
db:EXPLOIT-DBid:21815
Trust: 0.1
db:VULHUBid:VHN-6281
Trust: 0.1
sources:
            
            
            VULHUB: VHN-6281 // 
            
            
            
            BID: 5768 // 
            
            
            
            CNNVD: CNNVD-200212-702 // 
            
            
            
            NVD: CVE-2002-1898

REFERENCES
url:http://lists.apple.com/archives/security-announce/2002/sep/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/5768
Trust: 1.7
url:http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172
Trust: 1.7
url:http://www.iss.net/security_center/static/10156.php
Trust: 1.7
url:http://www.nsfocus.net/vulndb/3585
Trust: 0.6
url:http://docs.info.apple.com/article.html?artnum=120150
Trust: 0.3
url:http://www.info.apple.com/usen/security/security_updates.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-6281 // 
            
            
            
            BID: 5768 // 
            
            
            
            CNNVD: CNNVD-200212-702 // 
            
            
            
            NVD: CVE-2002-1898

CREDITS
Taiyo Fujiiā€» taiyo@vinet.or.jp
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200212-702

SOURCES
db:VULHUBid:VHN-6281
db:BIDid:5768
db:CNNVDid:CNNVD-200212-702
db:NVDid:CVE-2002-1898

LAST UPDATE DATE
2025-04-03T22:30:54.401000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-6281date:2008-09-05T00:00:00
db:BIDid:5768date:2002-09-21T00:00:00
db:CNNVDid:CNNVD-200212-702date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1898date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:VULHUBid:VHN-6281date:2002-12-31T00:00:00
db:BIDid:5768date:2002-09-21T00:00:00
db:CNNVDid:CNNVD-200212-702date:2002-09-21T00:00:00
db:NVDid:CVE-2002-1898date:2002-12-31T05:00:00