The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html | Vendor Advisory |
http://secunia.com/advisories/40220 | Vendor Advisory |
http://securitytracker.com/id?1024103 | |
http://support.apple.com/kb/HT4188 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/40871 | Patch |
http://www.vupen.com/english/advisories/2010/1481 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2022-10-03T16:21:13
Updated: 2022-10-03T16:21:13
Reserved: 2022-10-03T00:00:00
Link: CVE-2010-0545
JSON object: View
NVD Information
Status : Analyzed
Published: 2010-06-17T16:30:01.437
Modified: 2010-06-17T16:30:01.437
Link: CVE-2010-0545
JSON object: View
Redhat Information
No data.
CWE