CVE-2003-0876 — Incorrect Execution-Assigned Permissions in Apple MAC OS X

CWE-279 — Incorrect Execution-Assigned Permissions3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 75.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedNov 3

Latest updateApr 29

Description

Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/mac_os_x20 versions+19

▶NVDapple/mac_os_x_server10 versions+9

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-m9jq-pc5f-h7j2: Finder in Mac OS X 10↗2022-04-29

▶

📐Framework References

CWE

Incorrect Execution-Assigned Permissions↗

▶