Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0171

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0171
Last Modified 10 Sep 2008 03:18:10
Published 05 May 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0171

Summary

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.0

  • Apple Mac Os X 10.0.1

  • Apple Mac Os X 10.0.2

  • Apple Mac Os X 10.0.3

  • Apple Mac Os X 10.0.4

  • Apple Mac Os X 10.1

  • Apple Mac Os X 10.1.1

  • Apple Mac Os X 10.1.2

  • Apple Mac Os X 10.1.3

  • Apple Mac Os X 10.1.4

  • Apple Mac Os X 10.1.5

  • Apple Mac Os X 10.2

  • Apple Mac Os X 10.2.1

  • Apple Mac Os X 10.2.2

  • Apple Mac Os X 10.2.3

  • Apple Mac Os X 10.2.4

  • Apple Mac Os X Server 10.0

  • Apple Mac Os X Server 10.2

  • Apple Mac Os X Server 10.2.1

  • Apple Mac Os X Server 10.2.2

  • Apple Mac Os X Server 10.2.3

  • Apple Mac Os X Server 10.2.4


References

ATSTAKE - A041003-1

CONFIRM - http://lists.apple.com/mhonarc/security-announce/msg00028.html


Last Updated: 27 May 2016 10:37:48