Details of VAR-200311-0086

ID

VAR-200311-0086

CVE

CVE-2001-1411

TITLE

Mac OS X utility gm4 contains format string vulnerability

Trust: 0.8

sources: CERT/CC: VU#147587

DESCRIPTION

Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs. Mac OS X is prone to a local security vulnerability. If gm4 is accessed by a setuid program, local users can elevate privileges

Trust: 2.25

sources: NVD: CVE-2001-1411 // CERT/CC: VU#147587 // BID: 89706 // BID: 89639 // VULHUB: VHN-4215

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.9	Trust: 1.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.6

sources: BID: 89706 // BID: 89639 // CNNVD: CNNVD-200311-059 // NVD: CVE-2001-1411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1411
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#147587
value:	7.70
Trust: 0.8
CNNVD:	CNNVD-200311-059
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4215
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1411
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4215
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#147587 // VULHUB: VHN-4215 // CNNVD: CNNVD-200311-059 // NVD: CVE-2001-1411

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1411

THREAT TYPE

local

Trust: 1.2

sources: BID: 89706 // BID: 89639 // CNNVD: CNNVD-200311-059

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 89706 // BID: 89639

EXTERNAL IDS

db:	CERT/CC	id:	VU#147587	Trust: 3.1
db:	NVD	id:	CVE-2001-1411	Trust: 2.3
db:	CNNVD	id:	CNNVD-200311-059	Trust: 0.7
db:	XF	id:	4	Trust: 0.6
db:	BUGTRAQ	id:	20011020 GM4 FORMAT STRINGS ON OSX	Trust: 0.6
db:	BID	id:	89706	Trust: 0.4
db:	BID	id:	89639	Trust: 0.4
db:	VULHUB	id:	VHN-4215	Trust: 0.1

sources: CERT/CC: VU#147587 // VULHUB: VHN-4215 // BID: 89706 // BID: 89639 // CNNVD: CNNVD-200311-059 // NVD: CVE-2001-1411

REFERENCES

url:	http://www.kb.cert.org/vuls/id/147587	Trust: 2.3
url:	http://lists.apple.com/mhonarc/security-announce/msg00038.html	Trust: 2.3
url:	http://www.iss.net/security_center/static/10174.php	Trust: 2.3
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=100368233714229&w=2	Trust: 1.2
url:	http://marc.info/?l=bugtraq&m=100368233714229&w=2	Trust: 1.0
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://marc.info/?l=bugtraq&m=100368233714229&w=2	Trust: 0.1

sources: CERT/CC: VU#147587 // VULHUB: VHN-4215 // BID: 89706 // BID: 89639 // CNNVD: CNNVD-200311-059 // NVD: CVE-2001-1411

CREDITS

Unknown

Trust: 0.6

sources: BID: 89706 // BID: 89639

SOURCES

db:	CERT/CC	id:	VU#147587
db:	VULHUB	id:	VHN-4215
db:	BID	id:	89706
db:	BID	id:	89639
db:	CNNVD	id:	CNNVD-200311-059
db:	NVD	id:	CVE-2001-1411

LAST UPDATE DATE

2025-04-03T21:46:26.491000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#147587	date:	2003-04-11T00:00:00
db:	VULHUB	id:	VHN-4215	date:	2016-10-18T00:00:00
db:	BID	id:	89706	date:	2003-11-17T00:00:00
db:	BID	id:	89639	date:	2003-11-17T00:00:00
db:	CNNVD	id:	CNNVD-200311-059	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1411	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#147587	date:	2002-09-23T00:00:00
db:	VULHUB	id:	VHN-4215	date:	2003-11-17T00:00:00
db:	BID	id:	89706	date:	2003-11-17T00:00:00
db:	BID	id:	89639	date:	2003-11-17T00:00:00
db:	CNNVD	id:	CNNVD-200311-059	date:	2003-11-17T00:00:00
db:	NVD	id:	CVE-2001-1411	date:	2003-11-17T05:00:00