Details of VAR-201006-0227

ID

VAR-201006-0227

CVE

CVE-2010-1374

TITLE

Apple Mac OS X of iChat Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2010-001650

DESCRIPTION

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. An attacker may leverage this issue to upload files on the affected computer. This may lead to arbitrary code-execution or allow an attacker to gain access to sensitive information. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2010-004. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. The following individual records exist to better document the issues: 40886 Apple Mac OS X Help Viewer 'help://' URI Cross Site Scripting Vulnerability 40887 Apple Mac OS X Folder Manager Symbolic Link Handling Security Bypass Vulnerability 40888 Apple Mac OS X Prior to 10.6.4 Printer Setup (CVE-2010-1379) Remote Denial Of Service Vulnerability 40889 Apple Mac OS X CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability 40892 Apple Mac OS X Wiki Server Comment HTML Injection Vulnerability 40893 Apple Mac OS X Samba Wide Links Symbolic Link Handling Security Bypass Vulnerability 40894 Apple Mac OS X Prior to 10.6.4 ImageIO (CVE-2010-0543) Remote Code Execution Vulnerability 40895 Ruby WEBrick UTF-7 Encoding Cross Site Scripting Vulnerability 40896 Apple Mac OS X iChat Inline Image Transfer Directory Traversal Vulnerability 40897 Apple Mac OS X CUPS Web Interface Unspecified Information Disclosure Vulnerability 40898 Apple Mac OS X DesktopServices Component Insecure File Permissions Vulnerability 40901 Apple Mac OS X Network Authorization Local Privilege Escalation Vulnerability 40902 Apple Mac OS X Network Authorization URI Handler Remote Format String Vulnerability 40903 Apple Mac OS X Prior to 10.6.4 Printing (CVE-2010-1380) Integer Overflow Vulnerability 40905 Apple Mac OS X Prior to 10.6.4 Open Directory (CVE-2010-1377) Security Bypass Vulnerability

Trust: 2.25

sources: NVD: CVE-2010-1374 // JVNDB: JVNDB-2010-001650 // BID: 40896 // BID: 40871 // VULHUB: VHN-43979

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.6.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6 to v10.6.3	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6 to v10.6.3	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.6.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3

sources: BID: 40896 // BID: 40871 // JVNDB: JVNDB-2010-001650 // CNNVD: CNNVD-201006-286 // NVD: CVE-2010-1374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1374
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1374
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-286
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-43979
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1374
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43979
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43979 // JVNDB: JVNDB-2010-001650 // CNNVD: CNNVD-201006-286 // NVD: CVE-2010-1374

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-43979 // JVNDB: JVNDB-2010-001650 // NVD: CVE-2010-1374

THREAT TYPE

network

Trust: 0.6

sources: BID: 40896 // BID: 40871

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201006-286

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001650

PATCH

title:	HT4188	url:	http://support.apple.com/kb/HT4188	Trust: 0.8
title:	HT4188	url:	http://support.apple.com/kb/HT4188?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001650

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1374	Trust: 2.8
db:	VUPEN	id:	ADV-2010-1481	Trust: 2.5
db:	SECUNIA	id:	40220	Trust: 2.5
db:	SECTRACK	id:	1024103	Trust: 2.5
db:	BID	id:	40871	Trust: 2.0
db:	JVNDB	id:	JVNDB-2010-001650	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-286	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-06-15-1	Trust: 0.6
db:	BID	id:	40896	Trust: 0.4
db:	VULHUB	id:	VHN-43979	Trust: 0.1

sources: VULHUB: VHN-43979 // BID: 40896 // BID: 40871 // JVNDB: JVNDB-2010-001650 // CNNVD: CNNVD-201006-286 // NVD: CVE-2010-1374

REFERENCES

url:	http://securitytracker.com/id?1024103	Trust: 2.5
url:	http://secunia.com/advisories/40220	Trust: 2.5
url:	http://www.vupen.com/english/advisories/2010/1481	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/40871	Trust: 1.7
url:	http://support.apple.com/kb/ht4188	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1374	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1374	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.6

sources: VULHUB: VHN-43979 // BID: 40896 // BID: 40871 // JVNDB: JVNDB-2010-001650 // CNNVD: CNNVD-201006-286 // NVD: CVE-2010-1374

CREDITS

Apple; Adrian 'pagvac' Pastor of GNUCITIZEN, and Tim Starling; Tim Waugh; Luca Carettoni; Michi Ruepp of pianobakery.com; Clint Ruoho of Laconic Security; Kevin Finisterre of digitalmunition.com; MIT Kerberos Team; Joel Johnson, Debian, Brian Almeida; Emm

Trust: 0.6

sources: CNNVD: CNNVD-201006-286

SOURCES

db:	VULHUB	id:	VHN-43979
db:	BID	id:	40896
db:	BID	id:	40871
db:	JVNDB	id:	JVNDB-2010-001650
db:	CNNVD	id:	CNNVD-201006-286
db:	NVD	id:	CVE-2010-1374

LAST UPDATE DATE

2025-04-11T20:16:55.503000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43979	date:	2010-06-17T00:00:00
db:	BID	id:	40896	date:	2010-06-21T18:18:00
db:	BID	id:	40871	date:	2010-06-16T21:59:00
db:	JVNDB	id:	JVNDB-2010-001650	date:	2010-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201006-286	date:	2010-06-21T00:00:00
db:	NVD	id:	CVE-2010-1374	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43979	date:	2010-06-17T00:00:00
db:	BID	id:	40896	date:	2010-06-15T00:00:00
db:	BID	id:	40871	date:	2010-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-001650	date:	2010-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201006-286	date:	2010-06-21T00:00:00
db:	NVD	id:	CVE-2010-1374	date:	2010-06-17T16:30:01.530