ID

VAR-201011-0206


CVE

CVE-2010-1829


TITLE

Apple Mac OS X of AFP Server Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2010-002409

DESCRIPTION

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. An attacker may leverage this issue to create arbitrary files on the affected computer. This may lead to arbitrary code-execution or allow an attacker to gain access to sensitive information. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it

Trust: 2.07

sources: NVD: CVE-2010-1829 // JVNDB: JVNDB-2010-002409 // BID: 44804 // VULHUB: VHN-44434 // VULMON: CVE-2010-1829

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

sources: BID: 44804 // JVNDB: JVNDB-2010-002409 // CNNVD: CNNVD-201011-157 // NVD: CVE-2010-1829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1829
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1829
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-157
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44434
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-1829
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1829
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-44434
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44434 // VULMON: CVE-2010-1829 // JVNDB: JVNDB-2010-002409 // CNNVD: CNNVD-201011-157 // NVD: CVE-2010-1829

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-44434 // JVNDB: JVNDB-2010-002409 // NVD: CVE-2010-1829

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-157

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201011-157

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002409

PATCH

title:HT4435url:http://support.apple.com/kb/HT4435

Trust: 0.8

title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-002409

EXTERNAL IDS

db:NVDid:CVE-2010-1829

Trust: 2.9

db:SECTRACKid:1024723

Trust: 1.1

db:JVNDBid:JVNDB-2010-002409

Trust: 0.8

db:CNNVDid:CNNVD-201011-157

Trust: 0.7

db:APPLEid:APPLE-SA-2010-11-10-1

Trust: 0.6

db:BIDid:44804

Trust: 0.5

db:VULHUBid:VHN-44434

Trust: 0.1

db:VULMONid:CVE-2010-1829

Trust: 0.1

sources: VULHUB: VHN-44434 // VULMON: CVE-2010-1829 // BID: 44804 // JVNDB: JVNDB-2010-002409 // CNNVD: CNNVD-201011-157 // NVD: CVE-2010-1829

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.8

url:http://support.apple.com/kb/ht4435

Trust: 1.8

url:http://www.securitytracker.com/id?1024723

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1829

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1829

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.securityfocus.com/advisories/20899

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/44804

Trust: 0.1

sources: VULHUB: VHN-44434 // VULMON: CVE-2010-1829 // BID: 44804 // JVNDB: JVNDB-2010-002409 // CNNVD: CNNVD-201011-157 // NVD: CVE-2010-1829

CREDITS

Apple

Trust: 0.3

sources: BID: 44804

SOURCES

db:VULHUBid:VHN-44434
db:VULMONid:CVE-2010-1829
db:BIDid:44804
db:JVNDBid:JVNDB-2010-002409
db:CNNVDid:CNNVD-201011-157
db:NVDid:CVE-2010-1829

LAST UPDATE DATE

2025-04-11T21:12:39.480000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-44434date:2010-12-10T00:00:00
db:VULMONid:CVE-2010-1829date:2010-12-10T00:00:00
db:BIDid:44804date:2010-11-12T20:27:00
db:JVNDBid:JVNDB-2010-002409date:2010-11-25T00:00:00
db:CNNVDid:CNNVD-201011-157date:2010-11-17T00:00:00
db:NVDid:CVE-2010-1829date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:VULHUBid:VHN-44434date:2010-11-15T00:00:00
db:VULMONid:CVE-2010-1829date:2010-11-15T00:00:00
db:BIDid:44804date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002409date:2010-11-25T00:00:00
db:CNNVDid:CNNVD-201011-157date:2010-11-17T00:00:00
db:NVDid:CVE-2010-1829date:2010-11-15T23:00:04.047