cvelistv5 - cve-2008-3611

CVE-2008-3611 (GCVE-0-2008-3611)

Vulnerability from cvelistv5 – Published: 2008-09-16 23:00 – Updated: 2024-08-07 09:45

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/31189	vdb-entryx_refsource_BID
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.us-cert.gov/cas/techalerts/TA08-260A.html	third-party-advisoryx_refsource_CERT
	http://securitytracker.com/id?1020878	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/2584	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/31882	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:18.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31189",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31189"
          },
          {
            "name": "APPLE-SA-2008-09-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
          },
          {
            "name": "TA08-260A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
          },
          {
            "name": "1020878",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020878"
          },
          {
            "name": "ADV-2008-2584",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2584"
          },
          {
            "name": "31882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31882"
          },
          {
            "name": "macos-loginscreen-security-bypass(45171)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31189",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31189"
        },
        {
          "name": "APPLE-SA-2008-09-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
        },
        {
          "name": "TA08-260A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
        },
        {
          "name": "1020878",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020878"
        },
        {
          "name": "ADV-2008-2584",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2584"
        },
        {
          "name": "31882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31882"
        },
        {
          "name": "macos-loginscreen-security-bypass(45171)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31189",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31189"
            },
            {
              "name": "APPLE-SA-2008-09-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
            },
            {
              "name": "TA08-260A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
            },
            {
              "name": "1020878",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020878"
            },
            {
              "name": "ADV-2008-2584",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2584"
            },
            {
              "name": "31882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31882"
            },
            {
              "name": "macos-loginscreen-security-bypass(45171)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3611",
    "datePublished": "2008-09-16T23:00:00",
    "dateReserved": "2008-08-12T00:00:00",
    "dateUpdated": "2024-08-07T09:45:18.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EE39585-CF3B-4493-96D8-B394544C7643\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen.\"}, {\"lang\": \"es\", \"value\": \"La Ventana de Inicio de Sesi\\u00f3n en Mac OS X versi\\u00f3n 10.4.11 de Apple, no borra la contrase\\u00f1a actual cuando un usuario realiza un intento de cambio de contrase\\u00f1a que es negado por la pol\\u00edtica, lo que permite a los atacantes oportunistas, f\\u00edsicamente cercanos, omitir la autenticaci\\u00f3n y cambiar la contrase\\u00f1a de este usuario mediante un ingreso posterior a una nueva contrase\\u00f1a aceptable en la misma pantalla de inicio de sesi\\u00f3n.\"}]",
      "id": "CVE-2008-3611",
      "lastModified": "2024-11-21T00:49:40.377",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:N/I:C/A:C\", \"baseScore\": 6.3, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 9.2, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-09-16T23:00:01.133",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31882\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1020878\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/31189\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2584\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45171\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1020878\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/31189\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2584\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3611\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-16T23:00:01.133\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen.\"},{\"lang\":\"es\",\"value\":\"La Ventana de Inicio de Sesi\u00f3n en Mac OS X versi\u00f3n 10.4.11 de Apple, no borra la contrase\u00f1a actual cuando un usuario realiza un intento de cambio de contrase\u00f1a que es negado por la pol\u00edtica, lo que permite a los atacantes oportunistas, f\u00edsicamente cercanos, omitir la autenticaci\u00f3n y cambiar la contrase\u00f1a de este usuario mediante un ingreso posterior a una nueva contrase\u00f1a aceptable en la misma pantalla de inicio de sesi\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:C/A:C\",\"baseScore\":6.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE39585-CF3B-4493-96D8-B394544C7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31882\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020878\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2584\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45171\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020878\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200809-0185

Vulnerability from variot - Updated: 2024-07-23 19:30

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. If the user walks away from the machine while the error message is still being displayed, a user with access to the login credentials can reset the password.

Bist Du interessiert an einem neuen Job in IT-Sicherheit?

Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/

TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability

SECUNIA ADVISORY ID: SA15884

VERIFY ADVISORY: http://secunia.com/advisories/15884/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/

DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA15852

SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679

OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0185",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "drupal",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pear xml rpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpxmlrpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "postnuke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "serendipity",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wordpress",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "xoops",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpmyfaq",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "ilife",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "aperture",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "ilife support",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "BID",
        "id": "31189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pete Finnigan\u203b pete@peterfinnigan.demon.co.uk\u203bEsteban Martinez FayoJoxean Koret\u203b joxeankoret@yahoo.es\u203bAlexander Kornbrust\u203b ak@red-database-security.com\u203bAmichai Shulman\u203b shulman@imperva.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3611",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-3611",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "id": "VHN-33736",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3611",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#126787",
            "trust": 0.8,
            "value": "1.01"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#442845",
            "trust": 0.8,
            "value": "20.75"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200809-217",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33736",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. \nThe security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. If the user walks away from the machine while the error message is still being displayed, a user with access to the login credentials can reset the password. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      },
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "BID",
        "id": "31189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3611",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "31189",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1020878",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "31882",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA08-260A",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2584",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "45171",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#126787",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "15884",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "15810",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15922",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15852",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15855",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15861",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15862",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15872",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15883",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15895",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "14088",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1014327",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA08-260A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA08-260A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-09-15",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-33736",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "38390",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "db": "BID",
        "id": "31189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "id": "VAR-200809-0185",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:30:10.886000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2008-006",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3137"
      },
      {
        "title": "Security Update 2008-006",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3137?viewlocale=ja_jp"
      },
      {
        "title": "TA08-260A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-260a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/31189"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-260a.html"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1020878"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/31882"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00005.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/2584"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/45171"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2584"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15884/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15852/"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://www.hardened-php.net/advisory-022005.php"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15861/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15862/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15895/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15883/"
      },
      {
        "trust": 0.8,
        "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15855/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15810/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15872/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15922/"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/14088"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3611"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-260a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-260a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3611"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-260a.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.apple.com/kb/ht3137"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/126787"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "db": "BID",
        "id": "31189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "db": "BID",
        "id": "31189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "date": "2005-07-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2008-09-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "date": "2008-09-15T00:00:00",
        "db": "BID",
        "id": "31189"
      },
      {
        "date": "2008-10-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "date": "2005-07-01T23:31:00",
        "db": "PACKETSTORM",
        "id": "38390"
      },
      {
        "date": "2008-09-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "date": "2008-09-16T23:00:01.133000",
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-10-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#126787"
      },
      {
        "date": "2007-03-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33736"
      },
      {
        "date": "2008-11-13T22:34:00",
        "db": "BID",
        "id": "31189"
      },
      {
        "date": "2008-10-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001723"
      },
      {
        "date": "2008-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      },
      {
        "date": "2017-08-08T01:32:02.090000",
        "db": "NVD",
        "id": "CVE-2008-3611"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X file sharing allows authenticated remote access to files and directories",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#126787"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-217"
      }
    ],
    "trust": 0.6
  }
}

GSD-2008-3611

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3611

Aliases

CVE-2008-3611

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3611",
    "description": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen.",
    "id": "GSD-2008-3611"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3611"
      ],
      "details": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen.",
      "id": "GSD-2008-3611",
      "modified": "2023-12-13T01:23:05.170586Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3611",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "31189",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31189"
          },
          {
            "name": "APPLE-SA-2008-09-15",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
          },
          {
            "name": "TA08-260A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
          },
          {
            "name": "1020878",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020878"
          },
          {
            "name": "ADV-2008-2584",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2584"
          },
          {
            "name": "31882",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31882"
          },
          {
            "name": "macos-loginscreen-security-bypass(45171)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3611"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-09-15",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
            },
            {
              "name": "1020878",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020878"
            },
            {
              "name": "31189",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/31189"
            },
            {
              "name": "31882",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31882"
            },
            {
              "name": "TA08-260A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
            },
            {
              "name": "ADV-2008-2584",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2584"
            },
            {
              "name": "macos-loginscreen-security-bypass(45171)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2008-09-16T23:00Z"
    }
  }
}

GHSA-HRPF-8Q8G-5RWF

Vulnerability from github – Published: 2022-05-02 00:01 – Updated: 2022-05-02 00:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-16T23:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen.",
  "id": "GHSA-hrpf-8q8g-5rwf",
  "modified": "2022-05-02T00:01:44Z",
  "published": "2022-05-02T00:01:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3611"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31882"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020878"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31189"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2584"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-463

Vulnerability from certfr_avis - Published: - Updated:

None

Description

De multiples vulnérabilités ont été corrigées dans Mac OS X. Celles-ci permettent notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X Server versions antérieures à 10.5.5.
	N/A	N/A	Mac OS X versions antérieures à 10.5.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2008-006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server versions ant\u00e9rieures \u00e0 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X versions ant\u00e9rieures \u00e0 10.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Celles-ci\npermettent notamment \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3608"
    },
    {
      "name": "CVE-2008-2376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2376"
    },
    {
      "name": "CVE-2008-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2332"
    },
    {
      "name": "CVE-2008-1483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
    },
    {
      "name": "CVE-2008-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1835"
    },
    {
      "name": "CVE-2008-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3618"
    },
    {
      "name": "CVE-2008-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2331"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2008-3617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3617"
    },
    {
      "name": "CVE-2008-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1100"
    },
    {
      "name": "CVE-2008-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2329"
    },
    {
      "name": "CVE-2008-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3610"
    },
    {
      "name": "CVE-2008-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3215"
    },
    {
      "name": "CVE-2008-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
    },
    {
      "name": "CVE-2008-2713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2713"
    },
    {
      "name": "CVE-2008-3622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3622"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2008-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2305"
    },
    {
      "name": "CVE-2008-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3619"
    },
    {
      "name": "CVE-2008-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1387"
    },
    {
      "name": "CVE-2008-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2330"
    },
    {
      "name": "CVE-2008-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2312"
    },
    {
      "name": "CVE-2008-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3616"
    },
    {
      "name": "CVE-2008-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1833"
    },
    {
      "name": "CVE-2008-0314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0314"
    },
    {
      "name": "CVE-2008-1657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1657"
    },
    {
      "name": "CVE-2008-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1836"
    },
    {
      "name": "CVE-2008-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3609"
    },
    {
      "name": "CVE-2008-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3613"
    },
    {
      "name": "CVE-2008-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3621"
    },
    {
      "name": "CVE-2008-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1837"
    },
    {
      "name": "CVE-2008-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3611"
    },
    {
      "name": "CVE-2008-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3614"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-463",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOSX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-006",
      "url": "http://support.apple.com/kb/HT3137"
    }
  ]
}

CERTA-2008-AVI-463

Vulnerability from certfr_avis - Published: - Updated:

None

Description

De multiples vulnérabilités ont été corrigées dans Mac OS X. Celles-ci permettent notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X Server versions antérieures à 10.5.5.
	N/A	N/A	Mac OS X versions antérieures à 10.5.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2008-006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server versions ant\u00e9rieures \u00e0 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X versions ant\u00e9rieures \u00e0 10.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Celles-ci\npermettent notamment \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3608"
    },
    {
      "name": "CVE-2008-2376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2376"
    },
    {
      "name": "CVE-2008-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2332"
    },
    {
      "name": "CVE-2008-1483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
    },
    {
      "name": "CVE-2008-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1835"
    },
    {
      "name": "CVE-2008-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3618"
    },
    {
      "name": "CVE-2008-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2331"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2008-3617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3617"
    },
    {
      "name": "CVE-2008-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1100"
    },
    {
      "name": "CVE-2008-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2329"
    },
    {
      "name": "CVE-2008-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3610"
    },
    {
      "name": "CVE-2008-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3215"
    },
    {
      "name": "CVE-2008-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
    },
    {
      "name": "CVE-2008-2713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2713"
    },
    {
      "name": "CVE-2008-3622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3622"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2008-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2305"
    },
    {
      "name": "CVE-2008-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3619"
    },
    {
      "name": "CVE-2008-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1387"
    },
    {
      "name": "CVE-2008-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2330"
    },
    {
      "name": "CVE-2008-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2312"
    },
    {
      "name": "CVE-2008-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3616"
    },
    {
      "name": "CVE-2008-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1833"
    },
    {
      "name": "CVE-2008-0314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0314"
    },
    {
      "name": "CVE-2008-1657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1657"
    },
    {
      "name": "CVE-2008-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1836"
    },
    {
      "name": "CVE-2008-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3609"
    },
    {
      "name": "CVE-2008-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3613"
    },
    {
      "name": "CVE-2008-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3621"
    },
    {
      "name": "CVE-2008-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1837"
    },
    {
      "name": "CVE-2008-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3611"
    },
    {
      "name": "CVE-2008-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3614"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-463",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOSX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-006",
      "url": "http://support.apple.com/kb/HT3137"
    }
  ]
}

FKIE_CVE-2008-3611

Vulnerability from fkie_nvd - Published: 2008-09-16 23:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
cve@mitre.org	http://secunia.com/advisories/31882	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1020878
cve@mitre.org	http://www.securityfocus.com/bid/31189	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-260A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2584	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020878
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31189	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-260A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2584	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45171

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	10.4.11
	apple	mac_os_x_server	10.4.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user\u0027s password by later entering an acceptable new password on the same login screen."
    },
    {
      "lang": "es",
      "value": "La Ventana de Inicio de Sesi\u00f3n en Mac OS X versi\u00f3n 10.4.11 de Apple, no borra la contrase\u00f1a actual cuando un usuario realiza un intento de cambio de contrase\u00f1a que es negado por la pol\u00edtica, lo que permite a los atacantes oportunistas, f\u00edsicamente cercanos, omitir la autenticaci\u00f3n y cambiar la contrase\u00f1a de este usuario mediante un ingreso posterior a una nueva contrase\u00f1a aceptable en la misma pantalla de inicio de sesi\u00f3n."
    }
  ],
  "id": "CVE-2008-3611",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-16T23:00:01.133",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020878"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2584"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45171"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3611 (GCVE-0-2008-3611)

VAR-200809-0185

GSD-2008-3611

GHSA-HRPF-8Q8G-5RWF

CERTA-2008-AVI-463

Description

Solution

CERTA-2008-AVI-463

Description

Solution

FKIE_CVE-2008-3611

Tags

Sightings

Nomenclature