CVE-2010-0545 — Apple MAC OS X vulnerability

CWE-2644 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 78.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedJun 17

Latest updateMay 2

Description

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x5 versions+4

▶NVDapple/mac_os_x_server5 versions+4

Patches

Patch: support.apple.com ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-6g4r-52jh-xv73: The Finder in DesktopServices in Apple Mac OS X 10↗2022-05-02

▶

CVEList

CVE-2010-0545: The Finder in DesktopServices in Apple Mac OS X 10↗2010-06-17

▶

📋Vendor Advisories

Red Hat

Squid: Denial of service due internal error in string handling (SQUID-2010:3)↗2010-09-03

▶