Lucene search

[email protected]CVE-2002-0676

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0676

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0676

software update

macos 10.1.x

remote code execution

unauthenticated downloads

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Affected configurations

NVD

Node

applemac_os_xMatch10.1

applemac_os_xMatch10.1.1

applemac_os_xMatch10.1.2

applemac_os_xMatch10.1.3

applemac_os_xMatch10.1.4

applemac_os_xMatch10.1.5

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.1
apple:mac_os_xapple mac os xeq10.1.1
apple:mac_os_xapple mac os xeq10.1.2
apple:mac_os_xapple mac os xeq10.1.3
apple:mac_os_xapple mac os xeq10.1.4
apple:mac_os_xapple mac os xeq10.1.5

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.1
apple:mac_os_x	apple mac os x	eq	10.1.1
apple:mac_os_x	apple mac os x	eq	10.1.2
apple:mac_os_x	apple mac os x	eq	10.1.3
apple:mac_os_x	apple mac os x	eq	10.1.4
apple:mac_os_x	apple mac os x	eq	10.1.5

References

www.cunap.com/~hardingr/projects/osx/exploit.html

www.iss.net/security_center/static/9502.php

www.osvdb.org/5137

www.securityfocus.com/bid/5176

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.066 Low

EPSS

Percentile

93.8%

JSON

Related for CVE-2002-0676

nvd1 cvelist1