Details of VAR-201208-0680

ID

VAR-201208-0680

CVE

CVE-2012-0681

TITLE

Apple Remote Desktop Plaintext in VNC Session acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-003791

DESCRIPTION

Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. Apple Remote Desktop is a remote management software for Apple systems. A remote attacker can exploit this issue to obtain sensitive information, possibly aiding in further attacks. This issue is addressed by creating an SSH tunnel for the VNC connection in this configuration, and preventing the connection if the SSH tunnel cannot be created. CVE-ID CVE-2012-0681 : Mark S. Smith studying at Central Connecticut State University Apple Remote Desktop 3.6.1 may be obtained from Mac App Store, the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: "RemoteDesktopAdmin361.dmg" Its SHA-1 digest is: dd41bab369c7905e79ff3b3adea97904f55d9759 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQMqP5AAoJEPefwLHPlZEwUy8P/3qgEUoJz4NnnJgeyo+3z7Wl a2/b5yPx5ptTcZiGandRMlrDftbwbOkpwCwJrqIv4czXL5T1J08cxUAW0rN2PzWG KXCkjYQMRBVQoQftrL8wqNCJW3pPMTz0CGfoPXt2g7cR+9YVFyIwa2PLCVfKOgds Y8kqlNJXgYwvJC22I3IDRvohsTJi4PYfZnRad3rd97J2nMTNTtYBC7x3MSWXd+z1 dVEV9eBDzK1eovf6n1YrVPLapWOA3+4ssYVGZ+/J9JjfW0RnhXSFZ9Yxnq/j8Zoy CbQKZ903ncWF/DbliIkGYByO+4Hol2g0ZnFqTeO7d4Dsnf9+AVHqEB1dJJmR6qK/ 4TgNVP4IUDpJjemVPFwYI5tFuzsXsjv6MvrLQR1wnFme1691Lc6DOekda8ZWfiRU taJlCBay9BuuoAtP7jG0T5ZU8nZLUGTCFY2ubs2IM9OBJr1MD7SYuODMwJeivVsv Ut6jBCGUoo2bBlJpOoCYUnCSpk7OW368WYUHD0LsnqmUkaTtGgQiJuSOs1N9/3wy 4aEvaLak0xsquzDn7SE70lrNPBRBc4/Rliv9jXRSA+xwsK5Rqtji/LHRtWibaOHd wI5Zyq8/7JtaUWrCrwhAbyUFd3lr7hZFFDERLgpQJkIn6cmS+O6FWi7835vkURIO n8Cd6teIejPCfMpyd9pf =PSaI -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Apple Remote Desktop Information Disclosure Security Issue SECUNIA ADVISORY ID: SA50352 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50352/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50352 RELEASE DATE: 2012-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/50352/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50352/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50352 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Apple Remote Desktop, which may disclose sensitive information to malicious people. The security issue is reported in versions 3.5.2 through 3.6. SOLUTION: Update to version 3.6.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mark S. C. Smith. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5433 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-0681 // JVNDB: JVNDB-2012-003791 // CNVD: CNVD-2012-4386 // BID: 55100 // VULHUB: VHN-53962 // PACKETSTORM: 115720 // PACKETSTORM: 116670 // PACKETSTORM: 115730

AFFECTED PRODUCTS

vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.2	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.6.0	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.5.3	Trust: 1.6
vendor:	apple	model:	remote desktop	scope:	lt	version:	3.6.1	Trust: 0.8
vendor:	apple	model:	remote desktop	scope:	eq	version:	3.x	Trust: 0.6

sources: CNVD: CNVD-2012-4386 // JVNDB: JVNDB-2012-003791 // CNNVD: CNNVD-201208-374 // NVD: CVE-2012-0681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-0681
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-0681
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201208-374
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-53962
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-0681
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-53962
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-53962 // JVNDB: JVNDB-2012-003791 // CNNVD: CNNVD-201208-374 // NVD: CVE-2012-0681

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-53962 // JVNDB: JVNDB-2012-003791 // NVD: CVE-2012-0681

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 115720 // PACKETSTORM: 116670 // PACKETSTORM: 115730 // CNNVD: CNNVD-201208-374

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201208-374

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003791

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-53962

PATCH

title:	APPLE-SA-2012-08-20-1	url:	http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html	Trust: 0.8
title:	HT5433	url:	http://support.apple.com/kb/HT5433	Trust: 0.8
title:	HT5433	url:	http://support.apple.com/kb/HT5433?viewlocale=ja_JP	Trust: 0.8
title:	Patch for Apple Remote Desktop Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/20233	Trust: 0.6

sources: CNVD: CNVD-2012-4386 // JVNDB: JVNDB-2012-003791

EXTERNAL IDS

db:	NVD	id:	CVE-2012-0681	Trust: 3.6
db:	BID	id:	55100	Trust: 1.4
db:	SECUNIA	id:	50352	Trust: 1.3
db:	JVNDB	id:	JVNDB-2012-003791	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-374	Trust: 0.7
db:	CNVD	id:	CNVD-2012-4386	Trust: 0.6
db:	NSFOCUS	id:	20402	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2012-08-20-1	Trust: 0.6
db:	PACKETSTORM	id:	115720	Trust: 0.2
db:	PACKETSTORM	id:	116670	Trust: 0.2
db:	VULHUB	id:	VHN-53962	Trust: 0.1
db:	PACKETSTORM	id:	115730	Trust: 0.1

sources: CNVD: CNVD-2012-4386 // VULHUB: VHN-53962 // BID: 55100 // JVNDB: JVNDB-2012-003791 // PACKETSTORM: 115720 // PACKETSTORM: 116670 // PACKETSTORM: 115730 // CNNVD: CNNVD-201208-374 // NVD: CVE-2012-0681

REFERENCES

url:	http://support.apple.com/kb/ht5433	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2012/aug/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/55100	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0681	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2012/wr123301.html#3	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu420412/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0681	Trust: 0.8
url:	http://secunia.com/advisories/50352/http	Trust: 0.6
url:	http://secunia.com/advisories/50352	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20402	Trust: 0.6
url:	http://www.apple.com	Trust: 0.3
url:	http://www.apple.com/support/downloads/	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	http://support.apple.com/kb/ht1222	Trust: 0.2
url:	http://gpgtools.org	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-0681	Trust: 0.2
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50352	Trust: 0.1
url:	http://secunia.com/csi6beta	Trust: 0.1
url:	http://secunia.com/advisories/50352/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/50352/#comments	Trust: 0.1

CREDITS

Mark S. C. Smith

Trust: 0.3

sources: BID: 55100

SOURCES

db:	CNVD	id:	CNVD-2012-4386
db:	VULHUB	id:	VHN-53962
db:	BID	id:	55100
db:	JVNDB	id:	JVNDB-2012-003791
db:	PACKETSTORM	id:	115720
db:	PACKETSTORM	id:	116670
db:	PACKETSTORM	id:	115730
db:	CNNVD	id:	CNNVD-201208-374
db:	NVD	id:	CVE-2012-0681

LAST UPDATE DATE

2025-04-11T23:16:40.476000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4386	date:	2012-08-23T00:00:00
db:	VULHUB	id:	VHN-53962	date:	2013-04-02T00:00:00
db:	BID	id:	55100	date:	2012-09-18T08:00:00
db:	JVNDB	id:	JVNDB-2012-003791	date:	2012-08-23T00:00:00
db:	CNNVD	id:	CNNVD-201208-374	date:	2012-08-23T00:00:00
db:	NVD	id:	CVE-2012-0681	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4386	date:	2012-08-23T00:00:00
db:	VULHUB	id:	VHN-53962	date:	2012-08-22T00:00:00
db:	BID	id:	55100	date:	2012-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-003791	date:	2012-08-23T00:00:00
db:	PACKETSTORM	id:	115720	date:	2012-08-20T23:23:23
db:	PACKETSTORM	id:	116670	date:	2012-09-18T15:59:55
db:	PACKETSTORM	id:	115730	date:	2012-08-21T03:04:43
db:	CNNVD	id:	CNNVD-201208-374	date:	2012-08-23T00:00:00
db:	NVD	id:	CVE-2012-0681	date:	2012-08-22T10:42:04.507