CVE-2014-1347 - OpenCVE

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Itunes Mac Os X

Configuration 1 [-]

AND

OR	cpe:2.3:a:apple:itunes::::::::
	cpe:2.3:a:apple:itunes:11.0:::::::*
	cpe:2.3:a:apple:itunes:11.0.1:::::::*
	cpe:2.3:a:apple:itunes:11.0.2:::::::*
	cpe:2.3:a:apple:itunes:11.0.3:::::::*
	cpe:2.3:a:apple:itunes:11.0.4:::::::*
	cpe:2.3:a:apple:itunes:11.0.5:::::::*
	cpe:2.3:a:apple:itunes:11.1:::::::*
	cpe:2.3:a:apple:itunes:11.1.1:::::::*
	cpe:2.3:a:apple:itunes:11.1.2:::::::*
	cpe:2.3:a:apple:itunes:11.1.3:::::::*
	cpe:2.3:a:apple:itunes:11.1.4:::::::*
	cpe:2.3:a:apple:itunes:11.1.5:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.apple.com/kb/HT6251

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2014-05-18T10:00:00

Updated: 2024-08-06T09:34:41.298Z

Reserved: 2014-01-08T00:00:00

Link: CVE-2014-1347

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-18T11:12:54.313

Modified: 2014-05-19T16:52:31.650

Link: CVE-2014-1347

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-18T06:57:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT6251"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2014-1347", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.apple.com/kb/HT6251", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6251"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:34:41.298Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT6251"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2014-1347", "datePublished": "2014-05-18T10:00:00", "dateReserved": "2014-01-08T00:00:00", "dateUpdated": "2024-08-06T09:34:41.298Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "6722DFCA-3E6E-49FE-81AE-146243731138", "versionEndIncluding": "11.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3979F15D-34E1-49F6-BCCE-21F4F680D9D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D0181AF-C382-4500-A7AC-220DCD619F96", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B04367A-1C86-4CF6-BCB7-3FA4D920E452", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "4F346750-0E04-46BC-94DD-524A2893D8FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "48E955F0-51D4-4B91-AE05-5653800C3AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6925AABD-3132-4144-8209-E5C47ED8459F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3EF55F1-D02F-4D20-9D35-02E83D3C0F6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7834154-4F1D-4ADD-8512-7C7CF76F8A34", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E9F1B66-20BF-4942-B266-05975298CA87", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "17110B7B-4E90-4906-B21D-BBB14811B1F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "23102AB3-E7C9-45F2-9B4A-480F23A18A0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:11.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0230093-CCB7-4F75-B9A2-9B073C31648D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations."}, {"lang": "es", "value": "Apple iTunes anterior a 11.2.1 en OS X configura permisos de lectura universal para /Users y /Users/Shared durante reinicios, lo que permite a usuarios locales modificar archivos, y como consecuencia obtener acceso a cuentas de usuarios arbitrarios, a trav\u00e9s de operaciones est\u00e1ndar de sistemas de archivos."}], "id": "CVE-2014-1347", "lastModified": "2014-05-19T16:52:31.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-18T11:12:54.313", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT6251"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}