ID

VAR-201006-0228


CVE

CVE-2010-1375


TITLE

Apple Mac OS X Vulnerability that can be obtained authority in network authentication

Trust: 0.8

sources: JVNDB: JVNDB-2010-001655

DESCRIPTION

NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. Successful exploits can allow attackers to execute arbitrary code with superuser privileges, resulting in the complete compromise of the affected computer. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired

Trust: 2.34

sources: NVD: CVE-2010-1375 // JVNDB: JVNDB-2010-001655 // BID: 40901 // BID: 40871 // VULHUB: VHN-43980 // VULMON: CVE-2010-1375

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.4

Trust: 0.3

sources: BID: 40901 // BID: 40871 // JVNDB: JVNDB-2010-001655 // CNNVD: CNNVD-201006-287 // NVD: CVE-2010-1375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1375
value: HIGH

Trust: 1.0

NVD: CVE-2010-1375
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201006-287
value: HIGH

Trust: 0.6

VULHUB: VHN-43980
value: HIGH

Trust: 0.1

VULMON: CVE-2010-1375
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1375
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-43980
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43980 // VULMON: CVE-2010-1375 // JVNDB: JVNDB-2010-001655 // CNNVD: CNNVD-201006-287 // NVD: CVE-2010-1375

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-43980 // JVNDB: JVNDB-2010-001655 // NVD: CVE-2010-1375

THREAT TYPE

local

Trust: 0.9

sources: BID: 40901 // CNNVD: CNNVD-201006-287

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201006-287

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001655

PATCH

title:HT4188url:http://support.apple.com/kb/HT4188

Trust: 0.8

title:HT4188url:http://support.apple.com/kb/HT4188?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001655

EXTERNAL IDS

db:NVDid:CVE-2010-1375

Trust: 2.9

db:SECUNIAid:40220

Trust: 2.6

db:VUPENid:ADV-2010-1481

Trust: 2.5

db:SECTRACKid:1024103

Trust: 2.5

db:BIDid:40871

Trust: 2.1

db:JVNDBid:JVNDB-2010-001655

Trust: 0.8

db:CNNVDid:CNNVD-201006-287

Trust: 0.7

db:APPLEid:APPLE-SA-2010-06-15-1

Trust: 0.6

db:BIDid:40901

Trust: 0.5

db:VULHUBid:VHN-43980

Trust: 0.1

db:VUPENid:2010/1481

Trust: 0.1

db:VULMONid:CVE-2010-1375

Trust: 0.1

sources: VULHUB: VHN-43980 // VULMON: CVE-2010-1375 // BID: 40901 // BID: 40871 // JVNDB: JVNDB-2010-001655 // CNNVD: CNNVD-201006-287 // NVD: CVE-2010-1375

REFERENCES

url:http://securitytracker.com/id?1024103

Trust: 2.6

url:http://secunia.com/advisories/40220

Trust: 2.6

url:http://www.vupen.com/english/advisories/2010/1481

Trust: 2.6

url:http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html

Trust: 1.8

url:http://www.securityfocus.com/bid/40871

Trust: 1.8

url:http://support.apple.com/kb/ht4188

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1375

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1375

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/40901

Trust: 0.1

sources: VULHUB: VHN-43980 // VULMON: CVE-2010-1375 // BID: 40901 // BID: 40871 // JVNDB: JVNDB-2010-001655 // CNNVD: CNNVD-201006-287 // NVD: CVE-2010-1375

CREDITS

Apple; Adrian 'pagvac' Pastor of GNUCITIZEN, and Tim Starling; Tim Waugh; Luca Carettoni; Michi Ruepp of pianobakery.com; Clint Ruoho of Laconic Security; Kevin Finisterre of digitalmunition.com; MIT Kerberos Team; Joel Johnson, Debian, Brian Almeida; Emm

Trust: 0.6

sources: CNNVD: CNNVD-201006-287

SOURCES

db:VULHUBid:VHN-43980
db:VULMONid:CVE-2010-1375
db:BIDid:40901
db:BIDid:40871
db:JVNDBid:JVNDB-2010-001655
db:CNNVDid:CNNVD-201006-287
db:NVDid:CVE-2010-1375

LAST UPDATE DATE

2025-04-11T22:03:12.204000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-43980date:2010-06-18T00:00:00
db:VULMONid:CVE-2010-1375date:2010-06-18T00:00:00
db:BIDid:40901date:2010-06-15T00:00:00
db:BIDid:40871date:2010-06-16T21:59:00
db:JVNDBid:JVNDB-2010-001655date:2010-07-09T00:00:00
db:CNNVDid:CNNVD-201006-287date:2010-06-21T00:00:00
db:NVDid:CVE-2010-1375date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:VULHUBid:VHN-43980date:2010-06-17T00:00:00
db:VULMONid:CVE-2010-1375date:2010-06-17T00:00:00
db:BIDid:40901date:2010-06-15T00:00:00
db:BIDid:40871date:2010-06-15T00:00:00
db:JVNDBid:JVNDB-2010-001655date:2010-07-09T00:00:00
db:CNNVDid:CNNVD-201006-287date:2010-06-21T00:00:00
db:NVDid:CVE-2010-1375date:2010-06-17T16:30:01.577