Details of VAR-201202-0145

ID

VAR-201202-0145

CVE

CVE-2011-3463

TITLE

Apple Mac OS X of WebDAV Sharing Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2012-001293

DESCRIPTION

WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. Apple Mac OS X is prone a local privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with superuser privileges. MAC OS X Server versions 10.7 through 10.7.2 are vulnerable. NOTE: This issue was previously discussed in BID 51798 (Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities) but has been given its own record to better document it

Trust: 2.07

sources: NVD: CVE-2011-3463 // JVNDB: JVNDB-2012-001293 // BID: 51816 // VULHUB: VHN-51408 // VULMON: CVE-2011-3463

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 to v10.7.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.7.3	Trust: 0.3

sources: BID: 51816 // JVNDB: JVNDB-2012-001293 // CNNVD: CNNVD-201202-081 // NVD: CVE-2011-3463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3463
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-3463
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201202-081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-51408
value:	HIGH
Trust: 0.1
VULMON:	CVE-2011-3463
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-3463
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-51408
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51408 // VULMON: CVE-2011-3463 // JVNDB: JVNDB-2012-001293 // CNNVD: CNNVD-201202-081 // NVD: CVE-2011-3463

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-51408 // JVNDB: JVNDB-2012-001293 // NVD: CVE-2011-3463

THREAT TYPE

local

Trust: 0.9

sources: BID: 51816 // CNNVD: CNNVD-201202-081

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201202-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001293

PATCH

title:

HT5130

url:

http://support.apple.com/kb/HT5130

Trust: 0.8

sources: JVNDB: JVNDB-2012-001293

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3463	Trust: 2.9
db:	JVNDB	id:	JVNDB-2012-001293	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-081	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-02-01-1	Trust: 0.6
db:	BID	id:	51816	Trust: 0.4
db:	SEEBUG	id:	SSVID-30084	Trust: 0.1
db:	VULHUB	id:	VHN-51408	Trust: 0.1
db:	VULMON	id:	CVE-2011-3463	Trust: 0.1

sources: VULHUB: VHN-51408 // VULMON: CVE-2011-3463 // BID: 51816 // JVNDB: JVNDB-2012-001293 // CNNVD: CNNVD-201202-081 // NVD: CVE-2011-3463

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html	Trust: 1.8
url:	http://support.apple.com/kb/ht5130	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3463	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu382755/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3463	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-webdavsharing-cve-2011-3463	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-51408 // VULMON: CVE-2011-3463 // BID: 51816 // JVNDB: JVNDB-2012-001293 // CNNVD: CNNVD-201202-081 // NVD: CVE-2011-3463

CREDITS

Gordon Davisson of Crywolf

Trust: 0.3

sources: BID: 51816

SOURCES

db:	VULHUB	id:	VHN-51408
db:	VULMON	id:	CVE-2011-3463
db:	BID	id:	51816
db:	JVNDB	id:	JVNDB-2012-001293
db:	CNNVD	id:	CNNVD-201202-081
db:	NVD	id:	CVE-2011-3463

LAST UPDATE DATE

2025-04-11T19:45:55.061000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51408	date:	2012-02-03T00:00:00
db:	VULMON	id:	CVE-2011-3463	date:	2012-02-03T00:00:00
db:	BID	id:	51816	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001293	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-081	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3463	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51408	date:	2012-02-02T00:00:00
db:	VULMON	id:	CVE-2011-3463	date:	2012-02-02T00:00:00
db:	BID	id:	51816	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001293	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-081	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3463	date:	2012-02-02T18:55:01.550