Vulnerability Description
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.5.8 |
| Apple | Mac Os X Server | 10.5.8 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlVendor Advisory
- http://secunia.com/advisories/40220Vendor Advisory
- http://securitytracker.com/id?1024103
- http://support.apple.com/kb/HT4188PatchVendor Advisory
- http://www.securityfocus.com/bid/40871Patch
- http://www.vupen.com/english/advisories/2010/1481PatchVendor Advisory
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlVendor Advisory
- http://secunia.com/advisories/40220Vendor Advisory
- http://securitytracker.com/id?1024103
- http://support.apple.com/kb/HT4188PatchVendor Advisory
- http://www.securityfocus.com/bid/40871Patch
- http://www.vupen.com/english/advisories/2010/1481PatchVendor Advisory
FAQ
What is CVE-2010-0545?
CVE-2010-0545 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass...
How severe is CVE-2010-0545?
CVE-2010-0545 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0545?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.