Vulnerability Details CVE-2009-0013
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.8%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://securitytracker.com/alerts/2009/Feb/1021722.html
- http://support.apple.com/kb/HT3438
- http://www.securityfocus.com/bid/33759
- http://www.securityfocus.com/bid/33815
- http://www.vupen.com/english/advisories/2009/0422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48717
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://securitytracker.com/alerts/2009/Feb/1021722.html
- http://support.apple.com/kb/HT3438
- http://www.securityfocus.com/bid/33759
- http://www.securityfocus.com/bid/33815
- http://www.vupen.com/english/advisories/2009/0422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48717
Products affected by CVE-2009-0013
-
cpe:2.3:o:apple:mac_os_x:10.4.11
-
cpe:2.3:o:apple:mac_os_x:10.5.6
-
cpe:2.3:o:apple:mac_os_x_server:10.4.11
-
cpe:2.3:o:apple:mac_os_x_server:10.5.6