Lucene search

[email protected]CVE-2011-1073

HistoryMar 04, 2011 - 11:00 p.m.

CVE-2011-1073

2011-03-0423:00:01

CWE-59

[email protected]

web.nvd.nist.gov

vulnerability

crontab.c

freebsd

apple mac os x

symlink attack

file existence

md5 checksum

nvd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

JSON

crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.

Affected configurations

NVD

Node

applemac_os_x

freebsdfreebsd

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq*
freebsd:freebsdfreebsdeq*

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	*
freebsd:freebsd	freebsd	eq	*

References

marc.info/?l=full-disclosure&m=129891323028897&w=2

openwall.com/lists/oss-security/2011/02/28/14

openwall.com/lists/oss-security/2011/02/28/6

securityreason.com/securityalert/8117

www.securityfocus.com/archive/1/516716/100/0/threaded

www.securityfocus.com/bid/46604

exchange.xforce.ibmcloud.com/vulnerabilities/65899

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2011-1073

nvd1 cvelist1 prion1 debiancve1