Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1009

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1009
Last Modified 05 Sep 2008 04:35:47
Published 29 Mar 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1009

Summary

Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.0.2

  • Apple Mac Os X 10.0.3

  • Apple Mac Os X 10.2.8

  • Apple Mac Os X 10.3.2

  • Apple Mac Os X Server 10.2

  • Apple Mac Os X Server 10.2.1

  • Apple Mac Os X Server 10.2.2

  • Apple Mac Os X Server 10.2.3

  • Apple Mac Os X Server 10.2.4

  • Apple Mac Os X Server 10.2.5

  • Apple Mac Os X Server 10.2.6

  • Apple Mac Os X Server 10.2.7

  • Apple Mac Os X Server 10.2.8

  • Apple Mac Os X Server 10.3

  • Apple Mac Os X Server 10.3.1

  • Apple Mac Os X Server 10.3.2


References

XF - macos-dhcp-gain-privileges(13874)

CONFIRM - http://docs.info.apple.com/article.html?artnum=61798

BID - 9110

MISC - http://www.carrel.org/dhcp-vuln.html

MISC - http://docs.info.apple.com/article.html?artnum=32478


Last Updated: 27 May 2016 10:38:08