Lucene search
HistorySep 16, 2008 - 11:00 p.m.
CVE-2008-3609
cve-2008-3609
apple
mac os x
kernel
credentials
permissions
bypass
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.3%
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
Affected configurations
Node
applemac_os_xMatch10.5
ORapplemac_os_xMatch10.5.1
ORapplemac_os_xMatch10.5.2
ORapplemac_os_xMatch10.5.3
ORapplemac_os_xMatch10.5.4
ORapplemac_os_x_serverMatch10.5
ORapplemac_os_x_serverMatch10.5.1
ORapplemac_os_x_serverMatch10.5.2
ORapplemac_os_x_serverMatch10.5.3
ORapplemac_os_x_serverMatch10.5.4
References
Related
cvelist
cvelist
CVE-2008-3609
2008-09-16 23:00:00
nvd
nvd
CVE-2008-3609
2008-09-16 23:00:01
prion
prion
Design/Logic Flaw
2008-09-16 23:00:00
nessus
nessus
Mac OS X 10.5.x < 10.5.5 Multiple Vulnerabilities
2008-09-16 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
2008-09-16 00:00:00
openvas
openvas
Mac OS X 10.5.5 Update / Security Update 2008-006
2010-05-12 00:00:00
Mac OS X 10.5.5 Update / Security Update 2008-006
2010-05-12 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.3%
Related for CVE-2008-3609