Details of VAR-201202-0144

ID

VAR-201202-0144

CVE

CVE-2011-3462

TITLE

Apple Mac OS X of Time Machine Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-001292

DESCRIPTION

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. This vulnerability CVE-2010-1803 Is a different vulnerability.If a third party impersonates the storage object, important information may be obtained. Apple Mac OS X is prone to a security bypass vulnerability. An attacker can exploit this issue to gain unauthorized access to new backups created by the user's system. The following products are vulnerable: Mac OS X 10.7 to 10.7.2 Mac OS X Server 10.7 to 10.7.2 NOTE: This issue was previously discussed in BID 51798 (Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities) but has been given its own record to better document it

Trust: 1.98

sources: NVD: CVE-2011-3462 // JVNDB: JVNDB-2012-001292 // BID: 51818 // VULHUB: VHN-51407

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	lte	version:	10.7.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	lte	version:	10.7.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 to v10.7.2	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.2	Trust: 0.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.7.3	Trust: 0.3

sources: BID: 51818 // JVNDB: JVNDB-2012-001292 // CNNVD: CNNVD-201202-080 // NVD: CVE-2011-3462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3462
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-3462
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-080
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51407
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3462
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-51407
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51407 // JVNDB: JVNDB-2012-001292 // CNNVD: CNNVD-201202-080 // NVD: CVE-2011-3462

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-3462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-080

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201202-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001292

PATCH

title:

HT5130

url:

http://support.apple.com/kb/HT5130

Trust: 0.8

sources: JVNDB: JVNDB-2012-001292

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3462	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-001292	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-080	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-02-01-1	Trust: 0.6
db:	BID	id:	51818	Trust: 0.4
db:	VULHUB	id:	VHN-51407	Trust: 0.1

sources: VULHUB: VHN-51407 // BID: 51818 // JVNDB: JVNDB-2012-001292 // CNNVD: CNNVD-201202-080 // NVD: CVE-2011-3462

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5130	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3462	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu382755/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3462	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-51407 // BID: 51818 // JVNDB: JVNDB-2012-001292 // CNNVD: CNNVD-201202-080 // NVD: CVE-2011-3462

CREDITS

Michael Roitzsch of the Technische Universitat Dresden

Trust: 0.3

sources: BID: 51818

SOURCES

db:	VULHUB	id:	VHN-51407
db:	BID	id:	51818
db:	JVNDB	id:	JVNDB-2012-001292
db:	CNNVD	id:	CNNVD-201202-080
db:	NVD	id:	CVE-2011-3462

LAST UPDATE DATE

2025-04-11T21:58:44.646000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51407	date:	2012-02-03T00:00:00
db:	BID	id:	51818	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001292	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-080	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3462	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51407	date:	2012-02-02T00:00:00
db:	BID	id:	51818	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001292	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-080	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3462	date:	2012-02-02T18:55:01.520