Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0676

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0676
Last Modified 05 Sep 2008 04:28:39
Published 11 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0676

Summary

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.1

  • Apple Mac Os X 10.1.1

  • Apple Mac Os X 10.1.2

  • Apple Mac Os X 10.1.3

  • Apple Mac Os X 10.1.4

  • Apple Mac Os X 10.1.5


References

BID - 5176

OSVDB - 5137

XF - macos-softwareupdate-no-auth(9502)

MISC - http://www.cunap.com/~hardingr/projects/osx/exploit.html


Last Updated: 27 May 2016 10:37:02