CVE-2010-1381

2010-06-1716:30:00

CWE-16

[email protected]

web.nvd.nist.gov

smb file server

apple

mac os x

cve-2010-1381

wide links

remote access

symbolic links

5.8 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.2%

JSON

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.5.8
apple:mac_os_x_serverapple mac os x servereq10.5.8
apple:mac_os_x_serverapple mac os x servereq10.6.3
apple:mac_os_xapple mac os xeq10.6.3
apple:mac_os_x_serverapple mac os x servereq10.6.1
apple:mac_os_x_serverapple mac os x servereq10.6.2
apple:mac_os_xapple mac os xeq10.6.1
apple:mac_os_x_serverapple mac os x servereq10.6.0
apple:mac_os_xapple mac os xeq10.6.0
apple:mac_os_xapple mac os xeq10.6.2

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.5.8
apple:mac_os_x_server	apple mac os x server	eq	10.5.8
apple:mac_os_x_server	apple mac os x server	eq	10.6.3
apple:mac_os_x	apple mac os x	eq	10.6.3
apple:mac_os_x_server	apple mac os x server	eq	10.6.1
apple:mac_os_x_server	apple mac os x server	eq	10.6.2
apple:mac_os_x	apple mac os x	eq	10.6.1
apple:mac_os_x_server	apple mac os x server	eq	10.6.0
apple:mac_os_x	apple mac os x	eq	10.6.0
apple:mac_os_x	apple mac os x	eq	10.6.2