Search criteria
6 vulnerabilities found for little_snitch by objective_development
FKIE_CVE-2018-10470
Vulnerability from fkie_nvd - Published: 2018-06-12 17:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| objective_development | little_snitch | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CA0E0C-AAE6-4E95-A4F9-928DDDA89E1C",
"versionEndIncluding": "4.0.6",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
},
{
"lang": "es",
"value": "Little Snitch desde la versi\u00f3n 4.0 hasta la 4.0.6 emplea la funci\u00f3n SecStaticCodeCheckValidityWithErrors() sin el flag kSecCSCheckAllArchitectures y, por lo tanto, no valida todas las arquitecturas almacenadas en un binario fat. Un atacante puede manipular maliciosamente un binario fat que contenga m\u00faltiples arquitecturas que podr\u00eda provocar una situaci\u00f3n por la que Little Snitch considera que el proceso en ejecuci\u00f3n no tiene firma de c\u00f3digo aunque indica que el binario en el disco tiene una firma de c\u00f3digo v\u00e1lida. Esto podr\u00eda conducir a que los usuarios est\u00e9n confusos sobre si la firma de c\u00f3digo es v\u00e1lida o no."
}
],
"id": "CVE-2018-10470",
"lastModified": "2024-11-21T03:41:22.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-12T17:29:00.207",
"references": [
{
"source": "office@obdev.at",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"source": "office@obdev.at",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "office@obdev.at",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2675
Vulnerability from fkie_nvd - Published: 2017-04-06 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | 3.0 | |
| obdev | little_snitch | 3.0.1 | |
| obdev | little_snitch | 3.0.2 | |
| obdev | little_snitch | 3.0.3 | |
| obdev | little_snitch | 3.0.4 | |
| obdev | little_snitch | 3.1 | |
| obdev | little_snitch | 3.1.1 | |
| obdev | little_snitch | 3.3 | |
| obdev | little_snitch | 3.3.1 | |
| obdev | little_snitch | 3.3.2 | |
| obdev | little_snitch | 3.3.3 | |
| obdev | little_snitch | 3.3.4 | |
| obdev | little_snitch | 3.4 | |
| obdev | little_snitch | 3.4.1 | |
| obdev | little_snitch | 3.4.2 | |
| obdev | little_snitch | 3.5 | |
| obdev | little_snitch | 3.5.1 | |
| obdev | little_snitch | 3.5.2 | |
| obdev | little_snitch | 3.5.3 | |
| obdev | little_snitch | 3.6 | |
| obdev | little_snitch | 3.6.1 | |
| objective_development | little_snitch | 3.6.2 | |
| objective_development | little_snitch | 3.6.3 | |
| objective_development | little_snitch | 3.6.4 | |
| objective_development | little_snitch | 3.7 | |
| objective_development | little_snitch | 3.7.1 | |
| objective_development | little_snitch | 3.7.2 | |
| objective_development | little_snitch | 3.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3104B3C-7FB4-45D8-8B94-38C64DB5358E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C15999-BD32-4576-976A-2B516A159BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B790676-4683-4C37-8D6C-A7422F29D5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA526073-1289-4A26-8D06-2F33318AD940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AAF8D9-02A7-4AE4-A386-6DDC0F813163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D210C3B-3A48-4ACF-A957-253F15962EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35027020-5BFD-45EA-9371-7342B3CA9AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCA6D8-420C-438A-806D-E3B909B12701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B0447E-6A54-42ED-81A9-B4B16EF2C05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08087DF0-3980-4F59-A759-DD5D710CB5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91998865-31C0-4F6F-A4E9-14F3C4727C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76108E38-65E9-4918-BB90-DCD6063E64F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F625187-402F-461E-A760-EB967DA79E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A00C225-33C2-4F4A-AAF8-131A6FC8CC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "918A02B3-1F03-478E-990B-EDE245F69495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F518B2CE-C946-47EF-81BF-C3DF3A2CF9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8D953E-4FC7-4F31-8DB5-DC2C5115CC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34A22CFD-D6A7-4EAE-A459-69453ADEB703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "239823E3-A508-4B67-8A5F-7DCFCCBD1C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7BACEFA0-52CD-45C7-B0A0-A9B4A1EA9B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CA536C-001F-438F-8078-C6A4F51A6C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1319946-6002-450D-993E-B9EB28C810E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "028AC949-F4BB-40B9-B5E0-B8863198DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03D943AE-E2B0-4E8B-B2BE-66503014A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FC35634E-0523-4393-99C4-BDD1EC9BDD32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB09E064-8BFF-4013-AE23-8F9EC75BB8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "789BC777-8B55-4E10-A50D-8D14F3D4D132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "679E0A62-E425-4FFC-9C2F-38590D71FC3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
},
{
"lang": "es",
"value": "Little Snitch versi\u00f3n 3.0 hasta la versi\u00f3n 3.7.3 sufre de una vulnerabilidad de escalamiento de privilegios locales en la parte del instalador. La vulnerabilidad est\u00e1 relacionada con la instalaci\u00f3n del archivo de configuraci\u00f3n \"at.obdev.littlesnitchd.plist\" que se instala en /Library/LaunchDaemons."
}
],
"id": "CVE-2017-2675",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T15:59:00.230",
"references": [
{
"source": "office@obdev.at",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
},
{
"source": "office@obdev.at",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-10470 (GCVE-0-2018-10470)
Vulnerability from cvelistv5 – Published: 2018-06-12 17:00 – Updated: 2024-09-16 21:03
VLAI?
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
Severity ?
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Affected:
4.0 - 4.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "4.0 - 4.0.6"
}
]
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T17:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-06-12T00:00:00",
"ID": "CVE-2018-10470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.0 - 4.0.6"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
"refsource": "CONFIRM",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource": "MISC",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2018-10470",
"datePublished": "2018-06-12T17:00:00Z",
"dateReserved": "2018-04-27T00:00:00",
"dateUpdated": "2024-09-16T21:03:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2675 (GCVE-0-2017-2675)
Vulnerability from cvelistv5 – Published: 2017-04-06 15:00 – Updated: 2024-08-05 14:02
VLAI?
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Affected:
3.0 - 3.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "3.0 - 3.7.3"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T19:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "3.0 - 3.7.3"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"name": "https://twitter.com/patrickwardle/status/849076615170711552",
"refsource": "MISC",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2017-2675",
"datePublished": "2017-04-06T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10470 (GCVE-0-2018-10470)
Vulnerability from nvd – Published: 2018-06-12 17:00 – Updated: 2024-09-16 21:03
VLAI?
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
Severity ?
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Affected:
4.0 - 4.0.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "4.0 - 4.0.6"
}
]
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T17:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-06-12T00:00:00",
"ID": "CVE-2018-10470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.0 - 4.0.6"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
"refsource": "CONFIRM",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource": "MISC",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2018-10470",
"datePublished": "2018-06-12T17:00:00Z",
"dateReserved": "2018-04-27T00:00:00",
"dateUpdated": "2024-09-16T21:03:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2675 (GCVE-0-2017-2675)
Vulnerability from nvd – Published: 2017-04-06 15:00 – Updated: 2024-08-05 14:02
VLAI?
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Affected:
3.0 - 3.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "3.0 - 3.7.3"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T19:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "3.0 - 3.7.3"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"name": "https://twitter.com/patrickwardle/status/849076615170711552",
"refsource": "MISC",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2017-2675",
"datePublished": "2017-04-06T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}