CVE-2008-3609Apple MAC OS X vulnerability

CWE-2643 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 81.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedSep 16
Latest updateMay 2

Description

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x5 versions+4
NVDapple/mac_os_x_server5 versions+4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-cp3p-5vfr-phpw: The kernel in Apple Mac OS X 102022-05-02
CVEList
CVE-2008-3609: The kernel in Apple Mac OS X 102008-09-16
CVE-2008-3609 — Apple MAC OS X vulnerability | cvebase