CVE-2003-1009
10
CVSS SCORE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Description
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Affected Software Configurations
- o apple mac_os_x 10.0.2 * * * * * * *
- o apple mac_os_x 10.0.3 * * * * * * *
- o apple mac_os_x 10.2.8 * * * * * * *
- o apple mac_os_x 10.3.2 * * * * * * *
- o apple mac_os_x_server 10.2 * * * * * * *
- o apple mac_os_x_server 10.2.1 * * * * * * *
- o apple mac_os_x_server 10.2.2 * * * * * * *
- o apple mac_os_x_server 10.2.3 * * * * * * *
- o apple mac_os_x_server 10.2.4 * * * * * * *
- o apple mac_os_x_server 10.2.5 * * * * * * *
Weaknesses (CWE)
- NVD-CWE-Other
References & External Links
- http://docs.info.apple.com/article.html?artnum=32478
- http://docs.info.apple.com/article.html?artnum=61798
- http://www.carrel.org/dhcp-vuln.html
- http://www.securityfocus.com/bid/9110
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13874
- http://docs.info.apple.com/article.html?artnum=32478
- http://docs.info.apple.com/article.html?artnum=61798
- http://www.carrel.org/dhcp-vuln.html
- http://www.securityfocus.com/bid/9110
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13874