Details of VAR-201003-0217

ID

VAR-201003-0217

CVE

CVE-2010-0512

TITLE

Apple Mac OS X of Vulnerability that bypasses access restrictions in the implementation of account preferences

Trust: 0.8

sources: JVNDB: JVNDB-2010-001268

DESCRIPTION

The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. .An attacker could bypass access restrictions by entering login credentials. Apple Mac OS X is prone to an authentication-bypass vulnerability that affects the Preferences component. An attacker can exploit this issue to gain unauthorized access to the affected computer. Succesful exploits may lead to other attacks. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it

Trust: 1.98

sources: NVD: CVE-2010-0512 // JVNDB: JVNDB-2010-001268 // BID: 39153 // VULHUB: VHN-43117

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.6.3	Trust: 0.3

sources: BID: 39153 // JVNDB: JVNDB-2010-001268 // CNNVD: CNNVD-201003-474 // NVD: CVE-2010-0512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0512
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-0512
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201003-474
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-43117
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-0512
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43117
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43117 // JVNDB: JVNDB-2010-001268 // CNNVD: CNNVD-201003-474 // NVD: CVE-2010-0512

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-43117 // JVNDB: JVNDB-2010-001268 // NVD: CVE-2010-0512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-474

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201003-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001268

PATCH

title:	HT4077	url:	http://support.apple.com/kb/HT4077	Trust: 0.8
title:	HT4077	url:	http://support.apple.com/kb/HT4077?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001268

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0512	Trust: 2.8
db:	BID	id:	39153	Trust: 1.4
db:	JVNDB	id:	JVNDB-2010-001268	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-474	Trust: 0.7
db:	NSFOCUS	id:	14715	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2010-03-29-1	Trust: 0.6
db:	VULHUB	id:	VHN-43117	Trust: 0.1

sources: VULHUB: VHN-43117 // BID: 39153 // JVNDB: JVNDB-2010-001268 // CNNVD: CNNVD-201003-474 // NVD: CVE-2010-0512

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4077	Trust: 1.7
url:	http://www.securityfocus.com/bid/39153	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0512	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0512	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14715	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-43117 // BID: 39153 // JVNDB: JVNDB-2010-001268 // CNNVD: CNNVD-201003-474 // NVD: CVE-2010-0512

CREDITS

Michael KisorDamian Put <pucik@cc-team.org>

Trust: 0.6

sources: CNNVD: CNNVD-201003-474

SOURCES

db:	VULHUB	id:	VHN-43117
db:	BID	id:	39153
db:	JVNDB	id:	JVNDB-2010-001268
db:	CNNVD	id:	CNNVD-201003-474
db:	NVD	id:	CVE-2010-0512

LAST UPDATE DATE

2025-04-11T22:39:27.896000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43117	date:	2010-05-21T00:00:00
db:	BID	id:	39153	date:	2010-04-07T18:42:00
db:	JVNDB	id:	JVNDB-2010-001268	date:	2010-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201003-474	date:	2010-03-31T00:00:00
db:	NVD	id:	CVE-2010-0512	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43117	date:	2010-03-30T00:00:00
db:	BID	id:	39153	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001268	date:	2010-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201003-474	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-0512	date:	2010-03-30T18:30:00.937