Vulnerability Bulletins |
Múltiples vulnerabilidades en MacOS X 10.2.4 y anteriores |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Compromiso Root |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
MacOS X <= MacOS X 10.2.4 - "Directory Services" - "Personal File Sharing" - "Apple File Service" |
Description |
|
| Recientemente, se han descubierto dos vulnerabilidades en MacOS X 10.2.4 y anteriores. La primera vulnerabilidad permite que un usuario del sistema pueda ejcutar cualquier comando con privilegios de administrador; la segunda permite obtener acceso de lectura a ficheros no autorizados. | |
Solution |
|
|
Actualización de software: Actualización a MacOS X 10.2.5 Para Mac OS X 10.2 a 10.2.3 : "MacOSXUpdateCombo10.2.5.dmg" http://www.info.apple.com/kbnum/n120210 Para Mac OS X 10.2.4 "MacOSXUpdate10.2.5.dmg" http://www.info.apple.com/kbnum/n120211 |
|
Standar resources |
|
| Property | Value |
| CVE |
CAN-2003-0171 CAN-2003-0198 |
| BID | |
Other resources |
|
|
Apple security advisory APPLE-SA-2003-04-10 dated April 10, 2003 http://www.apple.com/support/security/security_updates.html Atstake security advisory a041003-1 dated April 10, 2003 http://www.atstake.com/research/advisories/2003/a041003-1.txt |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2003-04-16 |