Lucene search

MitreCVE-2007-0022

HistoryJan 23, 2007 - 12:28 a.m.

CVE-2007-0022

2007-01-2300:28:00

mitre

web.nvd.nist.gov

cve-2007-0022

untrusted search path vulnerability

writeconfig

apple

mac os x 10.4.8

privilege escalation

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

29.0%

JSON

Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

Affected configurations

Nvd

Node

applemac_os_xMatch10.4.8

VendorProductVersionCPE
applemac_os_x10.4.8cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.4.8	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*

References

docs.info.apple.com/article.html?artnum=305391

lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

projects.info-pull.com/moab/MOAB-21-01-2007.html

secunia.com/advisories/23793

secunia.com/advisories/24966

www.osvdb.org/31605

www.securityfocus.com/bid/22148

www.securitytracker.com/id?1017941

www.us-cert.gov/cas/techalerts/TA07-109A.html

www.vupen.com/english/advisories/2007/0074

www.vupen.com/english/advisories/2007/1470

exchange.xforce.ibmcloud.com/vulnerabilities/31677

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

29.0%

JSON

Related for CVE-2007-0022