VAR-200212-0329
Vulnerability from variot - Updated: 2024-02-02 22:40Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. Mac OS X is the BSD-based operating system distributed and maintained by Apple. It has been discovered that some types of links, when clicked on, may result in the execution of arbitrary commands. Due to the improper handling of some links, a user clicking on a link containing special characters and embedded commands could cause the execution of the commands in the link to be carried out in a terminal.app window. These commands would be executed in the security context of the user. Because Mac OS X does not properly check the content of some connection types, a local attacker can exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "terminal",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
}
],
"sources": [
{
"db": "BID",
"id": "5768"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taiyo Fujii\u203b taiyo@vinet.or.jp",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-6281",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1898",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-702",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6281",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6281"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. Mac OS X is the BSD-based operating system distributed and maintained by Apple. \nIt has been discovered that some types of links, when clicked on, may result in the execution of arbitrary commands. Due to the improper handling of some links, a user clicking on a link containing special characters and embedded commands could cause the execution of the commands in the link to be carried out in a terminal.app window. These commands would be executed in the security context of the user. Because Mac OS X does not properly check the content of some connection types, a local attacker can exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1898"
},
{
"db": "BID",
"id": "5768"
},
{
"db": "VULHUB",
"id": "VHN-6281"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-6281",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6281"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5768",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1898",
"trust": 1.7
},
{
"db": "NSFOCUS",
"id": "3585",
"trust": 0.6
},
{
"db": "APPLE",
"id": "2002-09-20",
"trust": 0.6
},
{
"db": "XF",
"id": "10156",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-75636",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "21815",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-6281",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6281"
},
{
"db": "BID",
"id": "5768"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"id": "VAR-200212-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6281"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-02T22:40:46.730000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2002/sep/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5768"
},
{
"trust": 1.7,
"url": "http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10156.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3585"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=120150"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6281"
},
{
"db": "BID",
"id": "5768"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6281"
},
{
"db": "BID",
"id": "5768"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6281"
},
{
"date": "2002-09-21T00:00:00",
"db": "BID",
"id": "5768"
},
{
"date": "2002-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6281"
},
{
"date": "2002-09-21T00:00:00",
"db": "BID",
"id": "5768"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-702"
},
{
"date": "2024-02-02T15:13:33.140000",
"db": "NVD",
"id": "CVE-2002-1898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "5768"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X Terminal.APP Telnet Connect local command execution vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-702"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…