CVE-2003-0088
https://notcve.org/view.php?id=CVE-2003-0088
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information. TruBlueEnvironment para MacOS 10.2.3 y anteriores permite a usuarios locales sobreescribir o crear ficheros arbitrarios y ganar privilegios de root estableciendo cierta variable de entorno que es usada para establecer información de depuración. • http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://www.atstake.com/research/advisories/2003/a021403-1.txt http://www.iss.net/security_center/static/11332.php http://www.securityfocus.com/bid/6859 •
CVE-2003-0049
https://notcve.org/view.php?id=CVE-2003-0049
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. AFP en Mac OS X anterior a 10.2.4 permite a administradores iniciar sesión como otros usuarios usando la contraseña de administrador. • http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://securitytracker.com/id?1006107 http://www.iss.net/security_center/static/11333.php http://www.securityfocus.com/bid/6860 •
CVE-2002-1898 – Apple Mac OSX 10.2 - Terminal.APP Telnet Link Command Execution
https://notcve.org/view.php?id=CVE-2002-1898
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. • https://www.exploit-db.com/exploits/21815 http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172 http://lists.apple.com/archives/security-announce/2002/Sep/msg00001.html http://www.iss.net/security_center/static/10156.php http://www.securityfocus.com/bid/5768 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2002-2326
https://notcve.org/view.php?id=CVE-2002-2326
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0276.html http://archives.neohapsis.com/archives/bugtraq/2002-07/0281.html http://www.iss.net/security_center/static/9670.php http://www.securityfocus.com/bid/5303 • CWE-310: Cryptographic Issues •
CVE-2002-1372
https://notcve.org/view.php?id=CVE-2002-1372
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta. Common Unix Printing System (CUPS) 1.1.14 a 1.1.17 no comprueba adecuadamente los valores de retorno de varias operaciones de ficheros y sockets, lo que podría permitir a un atacante remoto causar una denegación de servicio (consumición de recursos) haciendo que descriptores de ficheros sean asignados y no liberados, como ha sido demostrado por fanta. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 http://marc.info/?l=bugtraq&m=104032149026670&w=2 http://www.debian.org/security/2003/dsa-232 http://www.idefense.com/advisory/12.19.02.txt http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 http://www.novell.com/linux/security/advisories/2003_002_cups.html http://www.redhat.com/support/errata/RHSA-2002-295.html http:// • CWE-252: Unchecked Return Value •