CVE-2007-0739 - Vulnerability Details - OpenCVE

The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
http://www.osvdb.org/34864
http://www.securityfocus.com/bid/23569
http://www.securitytracker.com/id?1017939
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://www.vupen.com/english/advisories/2007/1470

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-24T17:00:00

Updated: 2024-08-07T12:26:54.359Z

Reserved: 2007-02-05T00:00:00

Link: CVE-2007-0739

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-24T17:19:00.000

Modified: 2024-11-21T00:26:37.793

Link: CVE-2007-0739

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-04-28T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24966"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305391"}, {"name": "23569", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23569"}, {"name": "TA07-109A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"}, {"name": "34864", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34864"}, {"name": "1017939", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017939"}, {"name": "APPLE-SA-2007-04-19", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"}, {"name": "ADV-2007-1470", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1470"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24966"}, {"name": "http://docs.info.apple.com/article.html?artnum=305391", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305391"}, {"name": "23569", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23569"}, {"name": "TA07-109A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"}, {"name": "34864", "refsource": "OSVDB", "url": "http://www.osvdb.org/34864"}, {"name": "1017939", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017939"}, {"name": "APPLE-SA-2007-04-19", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"}, {"name": "ADV-2007-1470", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1470"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.359Z"}, "title": "CVE Program Container", "references": [{"name": "24966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24966"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305391"}, {"name": "23569", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23569"}, {"name": "TA07-109A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"}, {"name": "34864", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34864"}, {"name": "1017939", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017939"}, {"name": "APPLE-SA-2007-04-19", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"}, {"name": "ADV-2007-1470", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1470"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0739", "datePublished": "2007-04-24T17:00:00", "dateReserved": "2007-02-05T00:00:00", "dateUpdated": "2024-08-07T12:26:54.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls."}, {"lang": "es", "value": "La ventana de Login en Apple Mac OS X 10.4 hasta la 10.4.9 muestra la ventana de actualizaci\u00f3n bajo el di\u00e1logo de la autentificaci\u00f3n de ventana de entrada en ciertas circustancias relacionadas con la ejecuci\u00f3n de tareas programadas, lo cual podr\u00eda ser utilizado por usuarios locales para evitar controles de validaci\u00f3n."}], "id": "CVE-2007-0739", "lastModified": "2024-11-21T00:26:37.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-24T17:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305391"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24966"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34864"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23569"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017939"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=305391"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1470"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}