CVE Vulnerabilities

CVE-2003-0171

Published: May 05, 2003 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.0 10.0
Mac_os_x Apple 10.0.1 10.0.1
Mac_os_x Apple 10.0.2 10.0.2
Mac_os_x Apple 10.0.3 10.0.3
Mac_os_x Apple 10.0.4 10.0.4
Mac_os_x Apple 10.1 10.1
Mac_os_x Apple 10.1.1 10.1.1
Mac_os_x Apple 10.1.2 10.1.2
Mac_os_x Apple 10.1.3 10.1.3
Mac_os_x Apple 10.1.4 10.1.4
Mac_os_x Apple 10.1.5 10.1.5
Mac_os_x Apple 10.2 10.2
Mac_os_x Apple 10.2.1 10.2.1
Mac_os_x Apple 10.2.2 10.2.2
Mac_os_x Apple 10.2.3 10.2.3
Mac_os_x Apple 10.2.4 10.2.4
Mac_os_x_server Apple 10.0 10.0
Mac_os_x_server Apple 10.2 10.2
Mac_os_x_server Apple 10.2.1 10.2.1
Mac_os_x_server Apple 10.2.2 10.2.2
Mac_os_x_server Apple 10.2.3 10.2.3
Mac_os_x_server Apple 10.2.4 10.2.4

References