CVE-2008-1033 - OpenCVE

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Mac Os X Server Cups

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::*

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/30430	Vendor Advisory
http://securitytracker.com/id?1020145
http://www.securityfocus.com/bid/29412
http://www.securityfocus.com/bid/29484
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/1697	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42713

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-02T14:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-02-26T00:00:00

Link: CVE-2008-1033

JSON object: View

NVD Information

Status : Modified

Published: 2008-06-02T21:30:00.000

Modified: 2017-08-08T01:29:50.557

Link: CVE-2008-1033

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to \"authentication environment variables.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "macosx-cups-info-disclosure(42713)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42713"}, {"name": "29484", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29484"}, {"name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "1020145", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020145"}, {"name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30430"}, {"name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "29412", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29412"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1033", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to \"authentication environment variables.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "macosx-cups-info-disclosure(42713)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42713"}, {"name": "29484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29484"}, {"name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "1020145", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020145"}, {"name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430"}, {"name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "29412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29412"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1033", "datePublished": "2008-06-02T14:00:00", "dateReserved": "2008-02-26T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "772C32A8-A958-47B3-855D-116B0A7E9E5D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to \"authentication environment variables.\""}, {"lang": "es", "value": "El planificador en CUPS en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, cuando el registro de depuraci\u00f3n est\u00e1 habilitado y una impresora requiere una contrase\u00f1a, permite a los atacantes obtener informaci\u00f3n confidencial (credenciales) mediante la lectura los datos de registro, relacionados con \"authentication environment variables.\""}], "id": "CVE-2008-1033", "lastModified": "2017-08-08T01:29:50.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-02T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30430"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020145"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29412"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29484"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42713"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2008-06-03T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}