Vulnerability Details CVE-2010-0545
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.5%
CVSS Severity
CVSS v2 Score 4.4
References
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://secunia.com/advisories/40220
- http://securitytracker.com/id?1024103
- http://support.apple.com/kb/HT4188
- http://www.securityfocus.com/bid/40871
- http://www.vupen.com/english/advisories/2010/1481
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
- http://secunia.com/advisories/40220
- http://securitytracker.com/id?1024103
- http://support.apple.com/kb/HT4188
- http://www.securityfocus.com/bid/40871
- http://www.vupen.com/english/advisories/2010/1481
Products affected by CVE-2010-0545
-
cpe:2.3:o:apple:mac_os_x:10.5.8
-
cpe:2.3:o:apple:mac_os_x:10.6.0
-
cpe:2.3:o:apple:mac_os_x:10.6.1
-
cpe:2.3:o:apple:mac_os_x:10.6.2
-
cpe:2.3:o:apple:mac_os_x:10.6.3
-
cpe:2.3:o:apple:mac_os_x_server:10.5.8
-
cpe:2.3:o:apple:mac_os_x_server:10.6.0
-
cpe:2.3:o:apple:mac_os_x_server:10.6.1
-
cpe:2.3:o:apple:mac_os_x_server:10.6.2
-
cpe:2.3:o:apple:mac_os_x_server:10.6.3