CVE-2014-1264 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2014-1264?

CVE-2014-1264 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1264?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.

Vulnerability Description

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.

CVSS Score

3.3

LOW

AV:L/AC:M/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Mac Os X	<= 10.9.1

Related Weaknesses (CWE)

CWE-264

References

http://support.apple.com/kb/HT6150Vendor Advisory
http://support.apple.com/kb/HT6150Vendor Advisory

FAQ

What is CVE-2014-1264?

CVE-2014-1264 is a vulnerability with a CVSS score of 3.3 (LOW). Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstanc...

How severe is CVE-2014-1264?

CVE-2014-1264 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1264?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.