ID CVE-2017-2675Type cveReporter cve@mitre.orgModified 2019-10-03T00:03:00
Description
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
{"id": "CVE-2017-2675", "bulletinFamily": "NVD", "title": "CVE-2017-2675", "description": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons.", "published": "2017-04-06T15:59:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2675", "reporter": "cve@mitre.org", "references": ["https://www.obdev.at/products/littlesnitch/releasenotes.html", "https://twitter.com/patrickwardle/status/849076615170711552"], "cvelist": ["CVE-2017-2675"], "type": "cve", "lastseen": "2019-10-04T12:19:07", "history": [{"bulletin": {"affectedSoftware": [{"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.1.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.4.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.4.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:objective_development:little_snitch:3.3", "cpe:/a:objective_development:little_snitch:3.6.2", "cpe:/a:objective_development:little_snitch:3.1", "cpe:/a:objective_development:little_snitch:3.5.2", "cpe:/a:objective_development:little_snitch:3.4", "cpe:/a:objective_development:little_snitch:3.3.1", "cpe:/a:objective_development:little_snitch:3.1.1", "cpe:/a:objective_development:little_snitch:3.4.1", "cpe:/a:objective_development:little_snitch:3.7.2", "cpe:/a:objective_development:little_snitch:3.3.4", "cpe:/a:objective_development:little_snitch:3.0.2", "cpe:/a:objective_development:little_snitch:3.5.1", "cpe:/a:objective_development:little_snitch:3.3.2", "cpe:/a:objective_development:little_snitch:3.0", "cpe:/a:objective_development:little_snitch:3.6.4", "cpe:/a:objective_development:little_snitch:3.7.3", "cpe:/a:objective_development:little_snitch:3.7", "cpe:/a:objective_development:little_snitch:3.5", "cpe:/a:objective_development:little_snitch:3.5.3", "cpe:/a:objective_development:little_snitch:3.3.3", "cpe:/a:objective_development:little_snitch:3.0.3", "cpe:/a:objective_development:little_snitch:3.0.1", "cpe:/a:objective_development:little_snitch:3.6", "cpe:/a:objective_development:little_snitch:3.6.1", "cpe:/a:objective_development:little_snitch:3.0.4", "cpe:/a:objective_development:little_snitch:3.7.1", "cpe:/a:objective_development:little_snitch:3.6.3", "cpe:/a:objective_development:little_snitch:3.4.2"], "cpe23": ["cpe:2.3:a:objective_development:little_snitch:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.4:*:*:*:*:*:*:*"], "cvelist": ["CVE-2017-2675"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-264"], "description": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:16:59", "references": []}, "score": {"modified": "2019-05-29T18:16:59", "value": 3.6, "vector": "NONE"}}, "hash": "9f5a0dba06d1181cd6a06222c83090a3c1d105d6e85b63dd765d5c6444d49216", "hashmap": [{"hash": "8276bc70c7f677aa76cab05eb13112f9", "key": "description"}, {"hash": "c961087016692dc91ef469c13ef8dacc", "key": "references"}, {"hash": "eb606c6b9e78b7631f6360c118587b9d", "key": "cvelist"}, {"hash": "14fe5e31f1a40eb81097792f89c9e4f2", "key": "href"}, {"hash": "fa12e087f68642fcaefafba0d4583885", "key": "cwe"}, {"hash": "56dcf6687c7350b8f52a56aec2cd38c8", "key": "affectedSoftware"}, {"hash": "77a06168ea28e330fa0a440746d3f3b3", "key": "cvss3"}, {"hash": "4ee87e5464040a44c7f48c3e98b6a5d8", "key": "title"}, {"hash": "e46c8cd504eefb57d06f9fba1674f6ec", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "e4ec4bd68a907a595de1a90854595789", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a5cd124b7a72104d4054ea59c286c50d", "key": "cvss2"}, {"hash": "96508467322842ce3fe9046284857f91", "key": "cpe23"}, {"hash": "35ea23bc00a541fc2d9e7d21441caf7c", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2675", "id": "CVE-2017-2675", "lastseen": "2019-05-29T18:16:59", "modified": "2017-04-12T19:25:00", "objectVersion": "1.3", "published": "2017-04-06T15:59:00", "references": ["https://www.obdev.at/products/littlesnitch/releasenotes.html", "https://twitter.com/patrickwardle/status/849076615170711552"], "reporter": "cve@mitre.org", "title": "CVE-2017-2675", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cwe"], "edition": 1, "lastseen": "2019-05-29T18:16:59"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "56dcf6687c7350b8f52a56aec2cd38c8"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e46c8cd504eefb57d06f9fba1674f6ec"}, {"key": "cpe23", "hash": "96508467322842ce3fe9046284857f91"}, {"key": "cvelist", "hash": "eb606c6b9e78b7631f6360c118587b9d"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a5cd124b7a72104d4054ea59c286c50d"}, {"key": "cvss3", "hash": "77a06168ea28e330fa0a440746d3f3b3"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "8276bc70c7f677aa76cab05eb13112f9"}, {"key": "href", "hash": "14fe5e31f1a40eb81097792f89c9e4f2"}, {"key": "modified", "hash": "1f0cc7832f07ee78350b613e89af69f8"}, {"key": "published", "hash": "35ea23bc00a541fc2d9e7d21441caf7c"}, {"key": "references", "hash": "c961087016692dc91ef469c13ef8dacc"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "4ee87e5464040a44c7f48c3e98b6a5d8"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d10f15d4f25b5ff4bd5db24d3a6cc187931156d1800d800e43aeadb374a01104", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2019-10-04T12:19:07"}, "score": {"value": 3.6, "vector": "NONE", "modified": "2019-10-04T12:19:07"}, "vulnersScore": 3.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:objective_development:little_snitch:3.3", "cpe:/a:objective_development:little_snitch:3.6.2", "cpe:/a:objective_development:little_snitch:3.1", "cpe:/a:objective_development:little_snitch:3.5.2", "cpe:/a:objective_development:little_snitch:3.4", "cpe:/a:objective_development:little_snitch:3.3.1", "cpe:/a:objective_development:little_snitch:3.1.1", "cpe:/a:objective_development:little_snitch:3.4.1", "cpe:/a:objective_development:little_snitch:3.7.2", "cpe:/a:objective_development:little_snitch:3.3.4", "cpe:/a:objective_development:little_snitch:3.0.2", "cpe:/a:objective_development:little_snitch:3.5.1", "cpe:/a:objective_development:little_snitch:3.3.2", "cpe:/a:objective_development:little_snitch:3.0", "cpe:/a:objective_development:little_snitch:3.6.4", "cpe:/a:objective_development:little_snitch:3.7.3", "cpe:/a:objective_development:little_snitch:3.7", "cpe:/a:objective_development:little_snitch:3.5", "cpe:/a:objective_development:little_snitch:3.5.3", "cpe:/a:objective_development:little_snitch:3.3.3", "cpe:/a:objective_development:little_snitch:3.0.3", "cpe:/a:objective_development:little_snitch:3.0.1", "cpe:/a:objective_development:little_snitch:3.6", "cpe:/a:objective_development:little_snitch:3.6.1", "cpe:/a:objective_development:little_snitch:3.0.4", "cpe:/a:objective_development:little_snitch:3.7.1", "cpe:/a:objective_development:little_snitch:3.6.3", "cpe:/a:objective_development:little_snitch:3.4.2"], "affectedSoftware": [{"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.1.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.4.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.5.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.7.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.4.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.2"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6.4"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.0.1"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.3.3"}, {"name": "objective_development little_snitch", "operator": "eq", "version": "3.6"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:objective_development:little_snitch:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.7:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:objective_development:little_snitch:3.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null}
{}
