Details of VAR-201003-0234

ID

VAR-201003-0234

CVE

CVE-2010-0498

TITLE

Apple Mac OS X Vulnerability that can be obtained authority in the directory service of

Trust: 0.8

sources: JVNDB: JVNDB-2010-001252

DESCRIPTION

Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. Successful exploits can allow attackers to execute arbitrary code with system-level privileges, resulting in the complete compromise of the affected computer. The following are vulnerable: Mac OS X 10.5.8 Mac OS X Server 10.5.8 Mac OS X 10.6 through 10.6.2 Mac OS X Server 10.6 through 10.6.2 NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it

Trust: 1.98

sources: NVD: CVE-2010-0498 // JVNDB: JVNDB-2010-001252 // BID: 39256 // VULHUB: VHN-43103

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.7	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.5	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.6.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	lte	version:	10.6.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.6.3	Trust: 0.3

sources: BID: 39256 // JVNDB: JVNDB-2010-001252 // CNNVD: CNNVD-201003-461 // NVD: CVE-2010-0498

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0498
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-0498
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201003-461
value:	HIGH
Trust: 0.6
VULHUB:	VHN-43103
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-0498
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43103
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43103 // JVNDB: JVNDB-2010-001252 // CNNVD: CNNVD-201003-461 // NVD: CVE-2010-0498

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-43103 // JVNDB: JVNDB-2010-001252 // NVD: CVE-2010-0498

THREAT TYPE

local

Trust: 0.9

sources: BID: 39256 // CNNVD: CNNVD-201003-461

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201003-461

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001252

PATCH

title:	HT4077	url:	http://support.apple.com/kb/HT4077	Trust: 0.8
title:	HT4077	url:	http://support.apple.com/kb/HT4077?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001252

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0498	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-001252	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-461	Trust: 0.7
db:	NSFOCUS	id:	14715	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2010-03-29-1	Trust: 0.6
db:	BID	id:	39256	Trust: 0.4
db:	VULHUB	id:	VHN-43103	Trust: 0.1

sources: VULHUB: VHN-43103 // BID: 39256 // JVNDB: JVNDB-2010-001252 // CNNVD: CNNVD-201003-461 // NVD: CVE-2010-0498

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4077	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0498	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0498	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14715	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-43103 // BID: 39256 // JVNDB: JVNDB-2010-001252 // CNNVD: CNNVD-201003-461 // NVD: CVE-2010-0498

CREDITS

Michael KisorDamian Put <pucik@cc-team.org>

Trust: 0.6

sources: CNNVD: CNNVD-201003-461

SOURCES

db:	VULHUB	id:	VHN-43103
db:	BID	id:	39256
db:	JVNDB	id:	JVNDB-2010-001252
db:	CNNVD	id:	CNNVD-201003-461
db:	NVD	id:	CVE-2010-0498

LAST UPDATE DATE

2025-04-11T21:05:35.166000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43103	date:	2010-03-31T00:00:00
db:	BID	id:	39256	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001252	date:	2010-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201003-461	date:	2010-03-31T00:00:00
db:	NVD	id:	CVE-2010-0498	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43103	date:	2010-03-30T00:00:00
db:	BID	id:	39256	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001252	date:	2010-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201003-461	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-0498	date:	2010-03-30T18:30:00.547