CVE-2009-0013Apple MAC OS X vulnerability

CWE-2555 documents4 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 78.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedFeb 13
Latest updateMay 2

Description

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

NVDapple/mac_os_x10.4.11, 10.5.6+1
NVDapple/mac_os_x_server10.4.11, 10.5.6+1

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-fm4c-rhwr-8jwq: dscl in DS Tools in Apple Mac OS X 102022-05-02
CVEList
CVE-2009-0013: dscl in DS Tools in Apple Mac OS X 102009-02-13

💬Community

2
Bugzilla
CVE-2010-0277 pidgin MSN protocol plugin memory corruption2010-01-11
Bugzilla
CVE-2010-0013 pidgin/libpurple: MSN custom smiley request directory traversal file disclosure2010-01-05
CVE-2009-0013 — Apple MAC OS X vulnerability | cvebase