Details of VAR-201006-0056

ID

VAR-201006-0056

CVE

CVE-2010-0545

TITLE

Apple Mac OS X of DesktopServices Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2010-001647

DESCRIPTION

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability. This issue can leave legitimate users with a false sense of security, and could allow a local attacker to access files they were not intended to. Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6 through 10.6.3, and Mac OS X Server 10.6 through 10.6.3 are vulnerable

Trust: 2.25

sources: NVD: CVE-2010-0545 // JVNDB: JVNDB-2010-001647 // BID: 40871 // BID: 40898 // VULHUB: VHN-43150

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6 to v10.6.3	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.3	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.6.4	Trust: 0.6

sources: BID: 40871 // BID: 40898 // JVNDB: JVNDB-2010-001647 // CNNVD: CNNVD-201006-283 // NVD: CVE-2010-0545

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0545
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-0545
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-283
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-43150
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-0545
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43150
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43150 // JVNDB: JVNDB-2010-001647 // CNNVD: CNNVD-201006-283 // NVD: CVE-2010-0545

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-43150 // JVNDB: JVNDB-2010-001647 // NVD: CVE-2010-0545

THREAT TYPE

local

Trust: 0.9

sources: BID: 40898 // CNNVD: CNNVD-201006-283

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201006-283

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001647

PATCH

title:	HT4188	url:	http://support.apple.com/kb/HT4188	Trust: 0.8
title:	HT4188	url:	http://support.apple.com/kb/HT4188?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001647

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0545	Trust: 2.8
db:	VUPEN	id:	ADV-2010-1481	Trust: 2.5
db:	SECUNIA	id:	40220	Trust: 2.5
db:	SECTRACK	id:	1024103	Trust: 2.5
db:	BID	id:	40871	Trust: 2.0
db:	JVNDB	id:	JVNDB-2010-001647	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-283	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-06-15-1	Trust: 0.6
db:	BID	id:	40898	Trust: 0.4
db:	VULHUB	id:	VHN-43150	Trust: 0.1

sources: VULHUB: VHN-43150 // BID: 40871 // BID: 40898 // JVNDB: JVNDB-2010-001647 // CNNVD: CNNVD-201006-283 // NVD: CVE-2010-0545

REFERENCES

url:	http://securitytracker.com/id?1024103	Trust: 2.5
url:	http://secunia.com/advisories/40220	Trust: 2.5
url:	http://www.vupen.com/english/advisories/2010/1481	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/40871	Trust: 1.7
url:	http://support.apple.com/kb/ht4188	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0545	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0545	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.6

sources: VULHUB: VHN-43150 // BID: 40871 // BID: 40898 // JVNDB: JVNDB-2010-001647 // CNNVD: CNNVD-201006-283 // NVD: CVE-2010-0545

CREDITS

Apple; Adrian 'pagvac' Pastor of GNUCITIZEN, and Tim Starling; Tim Waugh; Luca Carettoni; Michi Ruepp of pianobakery.com; Clint Ruoho of Laconic Security; Kevin Finisterre of digitalmunition.com; MIT Kerberos Team; Joel Johnson, Debian, Brian Almeida; Emm

Trust: 0.6

sources: CNNVD: CNNVD-201006-283

SOURCES

db:	VULHUB	id:	VHN-43150
db:	BID	id:	40871
db:	BID	id:	40898
db:	JVNDB	id:	JVNDB-2010-001647
db:	CNNVD	id:	CNNVD-201006-283
db:	NVD	id:	CVE-2010-0545

LAST UPDATE DATE

2025-04-11T20:05:00.271000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43150	date:	2010-06-17T00:00:00
db:	BID	id:	40871	date:	2010-06-16T21:59:00
db:	BID	id:	40898	date:	2010-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-001647	date:	2010-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201006-283	date:	2010-06-21T00:00:00
db:	NVD	id:	CVE-2010-0545	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43150	date:	2010-06-17T00:00:00
db:	BID	id:	40871	date:	2010-06-15T00:00:00
db:	BID	id:	40898	date:	2010-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-001647	date:	2010-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201006-283	date:	2010-06-18T00:00:00
db:	NVD	id:	CVE-2010-0545	date:	2010-06-17T16:30:01.437