ID

VAR-201003-0226


CVE

CVE-2010-0521


TITLE

Apple Mac OS X Vulnerability in which important information is obtained in server management

Trust: 0.8

sources: JVNDB: JVNDB-2010-001278

DESCRIPTION

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. Remote attackers can exploit this issue to gain anonymous access to Open Directory data, possibly accessing sensitive information. This may aid in further attacks. The following are vulnerable: Mac OS X Server 10.5.8; Mac OS X Server 10.6 prior to 10.6.3. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Trust: 1.98

sources: NVD: CVE-2010-0521 // JVNDB: JVNDB-2010-001278 // BID: 39281 // VULHUB: VHN-43126

AFFECTED PRODUCTS

vendor: apple, model: mac os x server, scope: eq, version: 10.5.6

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.2

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.8

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.7

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.3

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.6.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.6.1

Trust: 1.0

vendor: apple, model: mac os x server, scope: lte, version: 10.6.2

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.5.0

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6 to v10.6.2

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: 10.6.2

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.6.3

Trust: 0.3

sources: BID: 39281 // JVNDB: JVNDB-2010-001278 // CNNVD: CNNVD-201003-483 // NVD: CVE-2010-0521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0521
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0521
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201003-483
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43126
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0521
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43126
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43126 // JVNDB: JVNDB-2010-001278 // CNNVD: CNNVD-201003-483 // NVD: CVE-2010-0521

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-43126 // JVNDB: JVNDB-2010-001278 // NVD: CVE-2010-0521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-483

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201003-483

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001278

PATCH

title: HT4077, url: http://support.apple.com/kb/HT4077

Trust: 0.8

title: HT4077, url: http://support.apple.com/kb/HT4077?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001278

EXTERNAL IDS

db: NVD, id: CVE-2010-0521

Trust: 2.8

db: JVNDB, id: JVNDB-2010-001278

Trust: 0.8

db: NSFOCUS, id: 14715

Trust: 0.6

db: APPLE, id: APPLE-SA-2010-03-29-1

Trust: 0.6

db: CNNVD, id: CNNVD-201003-483

Trust: 0.6

db: BID, id: 39281

Trust: 0.4

db: VULHUB, id: VHN-43126

Trust: 0.1

sources: VULHUB: VHN-43126 // BID: 39281 // JVNDB: JVNDB-2010-001278 // CNNVD: CNNVD-201003-483 // NVD: CVE-2010-0521

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html

Trust: 1.7

url:http://support.apple.com/kb/ht4077

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0521

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0521

Trust: 0.8

url:http://www.nsfocus.net/vulndb/14715

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-43126 // BID: 39281 // JVNDB: JVNDB-2010-001278 // CNNVD: CNNVD-201003-483 // NVD: CVE-2010-0521

CREDITS

Michael Kisor; Damian Put <pucik@cc-team.org>

Trust: 0.6

sources: CNNVD: CNNVD-201003-483

SOURCES

db: VULHUB, id: VHN-43126
db: BID, id: 39281
db: JVNDB, id: JVNDB-2010-001278
db: CNNVD, id: CNNVD-201003-483
db: NVD, id: CVE-2010-0521

LAST UPDATE DATE

2025-04-11T21:43:46.338000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-43126, date: 2010-06-21T00:00:00
db: BID, id: 39281, date: 2010-03-29T00:00:00
db: JVNDB, id: JVNDB-2010-001278, date: 2010-04-16T00:00:00
db: CNNVD, id: CNNVD-201003-483, date: 2010-03-31T00:00:00
db: NVD, id: CVE-2010-0521, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-43126, date: 2010-03-30T00:00:00
db: BID, id: 39281, date: 2010-03-29T00:00:00
db: JVNDB, id: JVNDB-2010-001278, date: 2010-04-16T00:00:00
db: CNNVD, id: CNNVD-201003-483, date: 2010-03-30T00:00:00
db: NVD, id: CVE-2010-0521, date: 2010-03-30T18:30:01.203