FKIE_CVE-2012-0652

Vulnerability from fkie_nvd - Published: 2012-05-11 03:49 - Updated: 2025-04-11 00:51
Severity ?
Summary
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
References
product-security@apple.comhttp://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlVendor Advisory
product-security@apple.comhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
product-security@apple.comhttp://support.apple.com/kb/HT5281Vendor Advisory
product-security@apple.comhttp://support.apple.com/kb/HT5501
product-security@apple.comhttp://www.securityfocus.com/bid/53445
product-security@apple.comhttp://www.securityfocus.com/bid/53457
product-security@apple.comhttp://www.securitytracker.com/id?1027024
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5281Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5501
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53445
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53457
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027024
Impacted products
Vendor Product Version
apple mac_os_x 10.7.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82DEF28-B061-44B3-AF9B-BE529DB457D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log."
    },
    {
      "lang": "es",
      "value": "La ventana de acceso en Apple Mac OS X v10.7.3, cuando Legacy File Vault o cuando los directorios home en red red est\u00e1n habilitados, no restringe adecuadamente lo que se escribe en el registro del sistema para las conexiones de red, que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura del registro."
    }
  ],
  "id": "CVE-2012-0652",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-11T03:49:58.840",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/53445"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/53457"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id?1027024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027024"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.