CVE-2009-0013

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Access Management Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2006-1861, CVE-2006-3467, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667, CVE-2007-4565, CVE-2007-4965, CVE-2008-1377, CVE-2008-1379, CVE-2008-1679, CVE-2008-1721, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-1887, CVE-2008-1927, CVE-2008-2315, CVE-2008-2316, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-2379, CVE-2008-2711, CVE-2008-3142, CVE-2008-3144, CVE-2008-3663, CVE-2008-4864, CVE-2008-5031, CVE-2008-5050, CVE-2008-5183, CVE-2008-5314, CVE-2009-0009, CVE-2009-0011, CVE-2009-0012, CVE-2009-0014, CVE-2009-0015, CVE-2009-0017, CVE-2009-0018, CVE-2009-0019, CVE-2009-0020, CVE-2009-0137, CVE-2009-0138, CVE-2009-0139, CVE-2009-0140, CVE-2009-0141, CVE-2009-0142

Published on 13/02/09 - Updated on 08/08/17

Description

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

Category: Access Management Error

CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.

Security Notices

US National Vulnerability DatabaseCVE-2009-0013
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2009-AVI-068
Renater 2009/VULN046

Exploits

SecurityFocusBID-33815

Relative technologies

VendorProduct
applemac_os_x
applemac_os_x_server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail