Details of VAR-201003-0236

ID

VAR-201003-0236

CVE

CVE-2010-0501

TITLE

Apple Mac OS X of FTP Server traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001256

DESCRIPTION

Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. An attacker can exploit this issue to gain access to files that are outside the FTP root directory. Successful exploits may lead to other attacks. NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it

Trust: 2.07

sources: NVD: CVE-2010-0501 // JVNDB: JVNDB-2010-001256 // BID: 39231 // VULHUB: VHN-43106 // VULMON: CVE-2010-0501

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.7	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	lte	version:	10.6.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.3	Trust: 0.3

sources: BID: 39231 // JVNDB: JVNDB-2010-001256 // CNNVD: CNNVD-201003-463 // NVD: CVE-2010-0501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0501
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-0501
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201003-463
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-43106
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2010-0501
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-0501
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2010-0501
severity:	HIGH
baseScore:	7.2
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-43106
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43106 // VULMON: CVE-2010-0501 // JVNDB: JVNDB-2010-001256 // CNNVD: CNNVD-201003-463 // NVD: CVE-2010-0501

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-43106 // JVNDB: JVNDB-2010-001256 // NVD: CVE-2010-0501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-463

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201003-463

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001256

PATCH

title:	HT4077	url:	http://support.apple.com/kb/HT4077	Trust: 0.8
title:	HT4077	url:	http://support.apple.com/kb/HT4077?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001256

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0501	Trust: 2.9
db:	JVNDB	id:	JVNDB-2010-001256	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-463	Trust: 0.7
db:	NSFOCUS	id:	14715	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2010-03-29-1	Trust: 0.6
db:	BID	id:	39231	Trust: 0.4
db:	VULHUB	id:	VHN-43106	Trust: 0.1
db:	VULMON	id:	CVE-2010-0501	Trust: 0.1

sources: VULHUB: VHN-43106 // VULMON: CVE-2010-0501 // BID: 39231 // JVNDB: JVNDB-2010-001256 // CNNVD: CNNVD-201003-463 // NVD: CVE-2010-0501

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html	Trust: 1.8
url:	http://support.apple.com/kb/ht4077	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0501	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0501	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/14715	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-ftpserver-cve-2010-0501	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=20167	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-43106 // VULMON: CVE-2010-0501 // BID: 39231 // JVNDB: JVNDB-2010-001256 // CNNVD: CNNVD-201003-463 // NVD: CVE-2010-0501

CREDITS

Michael KisorDamian Put <pucik@cc-team.org>

Trust: 0.6

sources: CNNVD: CNNVD-201003-463

SOURCES

db:	VULHUB	id:	VHN-43106
db:	VULMON	id:	CVE-2010-0501
db:	BID	id:	39231
db:	JVNDB	id:	JVNDB-2010-001256
db:	CNNVD	id:	CNNVD-201003-463
db:	NVD	id:	CVE-2010-0501

LAST UPDATE DATE

2025-04-11T21:41:02.703000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43106	date:	2010-03-31T00:00:00
db:	VULMON	id:	CVE-2010-0501	date:	2010-03-31T00:00:00
db:	BID	id:	39231	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001256	date:	2010-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201003-463	date:	2010-03-31T00:00:00
db:	NVD	id:	CVE-2010-0501	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43106	date:	2010-03-30T00:00:00
db:	VULMON	id:	CVE-2010-0501	date:	2010-03-30T00:00:00
db:	BID	id:	39231	date:	2010-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2010-001256	date:	2010-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201003-463	date:	2010-03-30T00:00:00
db:	NVD	id:	CVE-2010-0501	date:	2010-03-30T18:30:00.610