Vulnerability Description
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | <= 10.7.1 |
| Apple | Mac Os X Server | <= 10.7.1 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlVendor Advisory
- http://support.apple.com/kb/HT5002Vendor Advisory
- http://www.securityfocus.com/bid/50085
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlVendor Advisory
- http://support.apple.com/kb/HT5002Vendor Advisory
- http://www.securityfocus.com/bid/50085
FAQ
What is CVE-2011-3216?
CVE-2011-3216 is a vulnerability with a CVSS score of 2.1 (LOW). The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink syste...
How severe is CVE-2011-3216?
CVE-2011-3216 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3216?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.