CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 1CVE-2003-0171 – Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0171
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. DirectoryServices en MacOS X se fia de la variable de entorno PATH para localizar y ejecutar el comando touch, lo que permite a usurarios locales ejecutar comandos arbitrarios modificando PATH para que apunte a un directorio que contenga un programa 'touch' malicioso. • https://www.exploit-db.com/exploits/15 http://lists.apple.com/mhonarc/security-announce/msg00028.html http://www.atstake.com/research/advisories/2003/a041003-1.txt •
CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0CVE-2003-0198
https://notcve.org/view.php?id=CVE-2003-0198
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files. Mac OS X anteriores a 10.2.5 permite a usuarios invitados modificar los permisos de la carpeta DropBox y leer ficheros no autorizados. • http://lists.apple.com/mhonarc/security-announce/msg00028.html •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2003-0049
https://notcve.org/view.php?id=CVE-2003-0049
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. AFP en Mac OS X anterior a 10.2.4 permite a administradores iniciar sesión como otros usuarios usando la contraseña de administrador. • http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt http://securitytracker.com/id?1006107 http://www.iss.net/security_center/static/11333.php http://www.securityfocus.com/bid/6860 •
CVSS: 9.8EPSS: 13%CPEs: 3EXPL: 0CVE-2002-1347
https://notcve.org/view.php?id=CVE-2002-1347
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. Desbordamiento de búfer en la librería Cyrus SASL 2.1.9 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante entradas largas durante la canonización de nombre de usuario caractéres que necesitan ser escapados durante autenticación LDAP usando saslauth, o un error por uno en el escritor del log, que no asigna espacio para el carácter nulo que termina la cadena. • http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://marc.info/?l=bugtraq&m=103946297703402&w=2 http://www.debian.org/security/2002/dsa-215 http://www.redhat.com/support/errata/RHSA-2002-283.html http://www.securityfocus.com/advisories/4826 http://www.securityfocus.com/bid/6347 http://www.securityfocus.com/bid/6348 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.0EPSS: 4%CPEs: 59EXPL: 0CVE-2002-1265
https://notcve.org/view.php?id=CVE-2002-1265
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). La funcionalidad RPC de Sun en múltiples implementaciones de libc no provee de un mecanismo de exceso de tiempo cuando se leen datos de conexiones TCP, lo que permite a atacantes remotos causar una denegación de servicio (cuelgue) • ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082 http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1 http://www.info.apple.com/usen/security/security_updates.html http://www.iss.net/security_center/static/10539.php http://www.kb.cert.org/vuls/id/266817 http://www.securityfocus.com/bid/6103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m •