Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0013

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2009-0013
Last Modified 07 Mar 2011 10:17:45
Published 12 Feb 2009 07:30:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0013

Summary

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.4.11

  • Apple Mac Os X 10.5.6

  • Apple Mac Os X Server 10.4.11

  • Apple Mac Os X Server 10.5.6


References

APPLE - APPLE-SA-2009-02-12

XF - macosx-dstools-information-disclosure(48717)

VUPEN - ADV-2009-0422

BID - 33815

BID - 33759

CONFIRM - http://support.apple.com/kb/HT3438

SECTRACK - 1021722

SECUNIA - 33937

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)


Last Updated: 27 May 2016 10:49:33