CVE-2008-4237 - OpenCVE

Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.4:::::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html	Vendor Advisory
http://secunia.com/advisories/33179	Vendor Advisory
http://support.apple.com/kb/HT3338	Vendor Advisory
http://www.securityfocus.com/bid/32839
http://www.securityfocus.com/bid/32880
http://www.securitytracker.com/id?1021407
http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3444

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-17T01:00:00

Updated: 2009-01-06T10:00:00

Reserved: 2008-09-24T00:00:00

Link: CVE-2008-4237

JSON object: View

NVD Information

Status : Modified

Published: 2008-12-17T01:30:00.517

Modified: 2011-03-08T03:12:10.220

Link: CVE-2008-4237

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-01-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-3444", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3444"}, {"name": "TA08-350A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"}, {"name": "33179", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33179"}, {"name": "32839", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32839"}, {"name": "1021407", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021407"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3338"}, {"name": "APPLE-SA-2008-12-15", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"}, {"name": "32880", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32880"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-3444", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3444"}, {"name": "TA08-350A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"}, {"name": "33179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33179"}, {"name": "32839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32839"}, {"name": "1021407", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021407"}, {"name": "http://support.apple.com/kb/HT3338", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3338"}, {"name": "APPLE-SA-2008-12-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"}, {"name": "32880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32880"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4237", "datePublished": "2008-12-17T01:00:00", "dateReserved": "2008-09-24T00:00:00", "dateUpdated": "2009-01-06T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "E75D6FCB-40E7-4A52-A4CC-CB99C64FA319", "versionEndIncluding": "10.5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "59451C51-8DF8-40AB-8B57-40FD70E69DB8", "versionEndIncluding": "10.5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3B7DEC3-1C0B-4D13-98CD-CB7FAE7933B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7723A9E8-1DE2-4C7D-81E6-4F79DCB09324", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting."}, {"lang": "es", "value": "Managed Client en Apple Mac OS X anterior a v10.5.6 a veces no identifica los par\u00e1metros de configuraci\u00f3n de un sistema cuando instala a trav\u00e9s de un cliente, lo que permite a atacantes dependientes del contexto producir un impacto inespecifico mediante la utilizaci\u00f3n involuntaria de par\u00e1metros, como se demuestra en el par\u00e1metro de bloqueo del salvapantallas."}], "id": "CVE-2008-4237", "lastModified": "2011-03-08T03:12:10.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-17T01:30:00.517", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33179"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT3338"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32839"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32880"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021407"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3444"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}