CVE-2010-1381

Опубликовано: 17 июн. 2010

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

Ссылки

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Vendor Advisory
http://secunia.com/advisories/40220
Vendor Advisory
http://securitytracker.com/id?1024103
http://support.apple.com/kb/HT4188
Patch
Vendor Advisory
http://www.securityfocus.com/bid/40871
Patch
http://www.vupen.com/english/advisories/2010/1481
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Vendor Advisory
http://secunia.com/advisories/40220
Vendor Advisory
http://securitytracker.com/id?1024103
http://support.apple.com/kb/HT4188
Patch
Vendor Advisory
http://www.securityfocus.com/bid/40871
Patch
http://www.vupen.com/english/advisories/2010/1481
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00352

Низкий

3.5 Low

CVSS2

Дефекты

CWE-16

Связанные уязвимости

GHSA-pfw5-rj4c-2cm8

github

почти 4 года назад