CVE-2008-2330 - OpenCVE

slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.4:::::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html	Patch
http://secunia.com/advisories/31882
http://securitytracker.com/id?1020874
http://www.securityfocus.com/bid/31189	Patch
http://www.us-cert.gov/cas/techalerts/TA08-260A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/45164

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-16T23:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-05-18T00:00:00

Link: CVE-2008-2330

JSON object: View

NVD Information

Status : Modified

Published: 2008-09-16T23:00:00.977

Modified: 2017-08-08T01:30:57.387

Link: CVE-2008-2330

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an \"insecure file operation issue.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31189", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31189"}, {"name": "APPLE-SA-2008-09-15", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"name": "TA08-260A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"name": "ADV-2008-2584", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"name": "31882", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31882"}, {"name": "1020874", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020874"}, {"name": "macos-slapconfig-information-disclosure(45164)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45164"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an \"insecure file operation issue.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31189", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31189"}, {"name": "APPLE-SA-2008-09-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"name": "TA08-260A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"name": "ADV-2008-2584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"name": "31882", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31882"}, {"name": "1020874", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020874"}, {"name": "macos-slapconfig-information-disclosure(45164)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45164"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2330", "datePublished": "2008-09-16T23:00:00", "dateReserved": "2008-05-18T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3B7DEC3-1C0B-4D13-98CD-CB7FAE7933B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7723A9E8-1DE2-4C7D-81E6-4F79DCB09324", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an \"insecure file operation issue.\""}, {"lang": "es", "value": "slapconfig en Directory Services en Apple Mac OS X 10.5 a la v10.5.4, permite a usuarios locales seleccionar un fichero con permisos de lectura de salida en el que ha sido escrito la contrase\u00f1a del servidor mediante el administrador de sistema OpenLDAP, relacionado con la funci\u00f3n \"mkfifo\", tambi\u00e9n conocido como \"cuesti\u00f3n insegura de operaci\u00f3n con fichero\"(insecure file operation issue)."}], "id": "CVE-2008-2330", "lastModified": "2017-08-08T01:30:57.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-16T23:00:00.977", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31882"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020874"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31189"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45164"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}