Details of VAR-201003-0138

ID

VAR-201003-0138

CVE

CVE-2010-0058

TITLE

Apple Mac OS X of ClamAV Vulnerability in introducing viruses into systems

Trust: 0.8

sources: JVNDB: JVNDB-2010-001242

DESCRIPTION

freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. Successful exploits will allow attackers to bypass virus scanning, possibly allowing malicious files to escape detection. This issue affects Mac OS X 10.5.8 and Mac OS X Server 10.5.8. It does not work because the wrong launchd.plist ProgramArguments key is set, allowing an attacker to bypass antivirus checks

Trust: 1.98

sources: NVD: CVE-2010-0058 // JVNDB: JVNDB-2010-001242 // BID: 39170 // VULHUB: VHN-42663

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3

sources: BID: 39170 // JVNDB: JVNDB-2010-001242 // CNNVD: CNNVD-201003-453 // NVD: CVE-2010-0058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0058
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-0058
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201003-453
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42663
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-0058
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42663
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42663 // JVNDB: JVNDB-2010-001242 // CNNVD: CNNVD-201003-453 // NVD: CVE-2010-0058

PROBLEMTYPE DATA

problemtype:

CWE-16

Trust: 1.9

sources: VULHUB: VHN-42663 // JVNDB: JVNDB-2010-001242 // NVD: CVE-2010-0058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-453

TYPE

Configuration Error

Trust: 0.9

sources: BID: 39170 // CNNVD: CNNVD-201003-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001242

PATCH

title:	HT4077	url:	http://support.apple.com/kb/HT4077	Trust: 0.8
title:	HT4077	url:	http://support.apple.com/kb/HT4077?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001242

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0058	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-001242	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-453	Trust: 0.7
db:	NSFOCUS	id:	14715	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2010-03-29-1	Trust: 0.6
db:	BID	id:	39170	Trust: 0.4
db:	VULHUB	id:	VHN-42663	Trust: 0.1

sources: VULHUB: VHN-42663 // BID: 39170 // JVNDB: JVNDB-2010-001242 // CNNVD: CNNVD-201003-453 // NVD: CVE-2010-0058

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4077	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0058	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0058	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14715	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-42663 // BID: 39170 // JVNDB: JVNDB-2010-001242 // CNNVD: CNNVD-201003-453 // NVD: CVE-2010-0058

CREDITS

Michael KisorDamian Put pucik@cc-team.org

Trust: 0.6

sources: CNNVD: CNNVD-201003-453

SOURCES

db:	VULHUB	id:	VHN-42663
db:	BID	id:	39170
db:	JVNDB	id:	JVNDB-2010-001242
db:	CNNVD	id:	CNNVD-201003-453
db:	NVD	id:	CVE-2010-0058

LAST UPDATE DATE

2025-04-11T21:31:30.290000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42663	date:	2010-03-31T00:00:00
db:	BID	id:	39170	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001242	date:	2010-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201003-453	date:	2010-03-31T00:00:00
db:	NVD	id:	CVE-2010-0058	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42663	date:	2010-03-30T00:00:00
db:	BID	id:	39170	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001242	date:	2010-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201003-453	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-0058	date:	2010-03-30T17:30:00.517