CVE-2010-0498Improper Authentication in Apple MAC OS X

CWE-287Improper Authentication4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 87.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedMar 30
Latest updateMay 2

Description

Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.6.2+12
NVDapple/mac_os_x_server10.6.2+12

Patches

Patch: lists.apple.comPatch: support.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-frm6-2pc6-6cxf: Directory Services in Apple Mac OS X before 102022-05-02
CVEList
CVE-2010-0498: Directory Services in Apple Mac OS X before 102010-03-30

📋Vendor Advisories

1
Red Hat
kernel: DoS (crash) due slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)2011-04-05
CVE-2010-0498 — Improper Authentication in Apple | cvebase