Vulnerability-Lookup

CVE-2014-1347 (GCVE-0-2014-1347)

Vulnerability from cvelistv5 – Published: 2014-05-18 10:00 – Updated: 2024-08-06 09:34

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

GHSA-WV28-HFG5-XX3J

Vulnerability from github – Published: 2022-05-17 04:43 – Updated: 2022-05-17 04:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1347"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-18T11:12:00Z",
    "severity": "MODERATE"
  },
  "details": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.",
  "id": "GHSA-wv28-hfg5-xx3j",
  "modified": "2022-05-17T04:43:32Z",
  "published": "2022-05-17T04:43:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1347"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6251"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201405-0220

Vulnerability from variot - Updated: 2025-04-13 23:34

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations. iTunes is prone to multiple insecure file-permission vulnerabilities. Apple iTunes versions prior to 11.2.1 are vulnerable. Apple Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. The vulnerability is caused by the program setting global write permissions on the /Users and /Users/Shared directories during restart. This issue was addressed with improved permission handling. For information on the general content of iTunes 11.2.1, see http://support.apple.com/kb/TS5434 CVE-ID CVE-2014-1347

iTunes 11.2.1 may be obtained from: http://www.apple.com/itunes/download/

The download file is named: iTunes11.2.1.dmg Its SHA-1 digest is: d7e00140775bd15069ded529388add2ce6f0b538

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTdvWrAAoJEBcWfLTuOo7t1rgP+gL3Z02WLrsQb66XvuTEz9Ij KHKL/y3yXzMIdwEqFsHvcd8Ls9lBaiSFTkXIWXhgWsW8PZPFZBahprnbbszFmwJ6 P9g2QRWstQFpveImGdrMW3E9yjIf7YvkjD2NNNpG4NUXiejwWANJ1kmfHJ9ny1vs L8bIImea5+mTMt+fvrJp3vWGAhLSfJYc9HQvIqJxhESiAW0dOoprbkTGVPRbR5wE w7d1m5LS8nvmWi8blLKvLtv+AX2HJvLniJwYkZXa4kMUy25nYLrTZ09aRMfP2Ygg 4fjsIphrnpScl9gGaBYbp3vncR/g0Nypw0b3/ahlmBnEFFIXHJNjudoW8vbBdyaM 7x1A4y1iVregs7LKRwExhZGjc85WYJis1asVE4A0L8rjqjj/OskXUyFFZ2wKEwic apZPyeqGOPpdwa3CsHcq7RZZb1Y8aceeLviXKb2iOC37toRMnDkMr2SBd/xD6TfE fWxBbFnxsY+BFbfz9QUpvtmWI3a399vqt6J9RXxve/a/nd8XyCUdgTxhGSf+uUZ4 U6vJppHF+nzXjaua8L7z8RXxQDfjFm2pI9a3VfRjq50hrznCprXSIR148//WSiHJ Y6Ss5s+lHLedmdudW9Fsiywb0ImEK88bQtmHg4WqxOfFbC9X25262WhDN+m7KoGJ 4kQtMB6mjCY/WsU+frOA =P5hZ -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0220",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "11.2.1   (mac os x v10.6.8 or later )"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "PACKETSTORM",
        "id": "126720"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2014-1347",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2014-1347",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-69286",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1347",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1347",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-309",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69286",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations. iTunes is prone to multiple insecure file-permission vulnerabilities. \nApple iTunes versions prior to 11.2.1 are vulnerable. Apple Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. The vulnerability is caused by the program setting global write permissions on the /Users and /Users/Shared directories during restart. This issue was addressed with\nimproved permission handling. For information on the general content\nof iTunes 11.2.1, see http://support.apple.com/kb/TS5434\nCVE-ID\nCVE-2014-1347\n\n\niTunes 11.2.1 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nThe download file is named: iTunes11.2.1.dmg\nIts SHA-1 digest is: d7e00140775bd15069ded529388add2ce6f0b538\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTdvWrAAoJEBcWfLTuOo7t1rgP+gL3Z02WLrsQb66XvuTEz9Ij\nKHKL/y3yXzMIdwEqFsHvcd8Ls9lBaiSFTkXIWXhgWsW8PZPFZBahprnbbszFmwJ6\nP9g2QRWstQFpveImGdrMW3E9yjIf7YvkjD2NNNpG4NUXiejwWANJ1kmfHJ9ny1vs\nL8bIImea5+mTMt+fvrJp3vWGAhLSfJYc9HQvIqJxhESiAW0dOoprbkTGVPRbR5wE\nw7d1m5LS8nvmWi8blLKvLtv+AX2HJvLniJwYkZXa4kMUy25nYLrTZ09aRMfP2Ygg\n4fjsIphrnpScl9gGaBYbp3vncR/g0Nypw0b3/ahlmBnEFFIXHJNjudoW8vbBdyaM\n7x1A4y1iVregs7LKRwExhZGjc85WYJis1asVE4A0L8rjqjj/OskXUyFFZ2wKEwic\napZPyeqGOPpdwa3CsHcq7RZZb1Y8aceeLviXKb2iOC37toRMnDkMr2SBd/xD6TfE\nfWxBbFnxsY+BFbfz9QUpvtmWI3a399vqt6J9RXxve/a/nd8XyCUdgTxhGSf+uUZ4\nU6vJppHF+nzXjaua8L7z8RXxQDfjFm2pI9a3VfRjq50hrznCprXSIR148//WSiHJ\nY6Ss5s+lHLedmdudW9Fsiywb0ImEK88bQtmHg4WqxOfFbC9X25262WhDN+m7KoGJ\n4kQtMB6mjCY/WsU+frOA\n=P5hZ\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "db": "PACKETSTORM",
        "id": "126720"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-69286",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1347",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "67457",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "126720",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-69286",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "PACKETSTORM",
        "id": "126720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "id": "VAR-201405-0220",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:34:12.200000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6251",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6251"
      },
      {
        "title": "HT6251",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6251?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht6251"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1347"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1347"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/archive/1/532141"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1347"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ts5434"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "PACKETSTORM",
        "id": "126720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "db": "PACKETSTORM",
        "id": "126720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "date": "2014-05-16T00:00:00",
        "db": "BID",
        "id": "67457"
      },
      {
        "date": "2014-05-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "date": "2014-05-20T00:24:33",
        "db": "PACKETSTORM",
        "id": "126720"
      },
      {
        "date": "2014-05-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "date": "2014-05-18T11:12:54.313000",
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69286"
      },
      {
        "date": "2014-05-16T00:00:00",
        "db": "BID",
        "id": "67457"
      },
      {
        "date": "2014-05-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      },
      {
        "date": "2014-05-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-1347"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "67457"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OS X Run on  Apple iTunes File modification vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002533"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-309"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-1347

Vulnerability from fkie_nvd - Published: 2014-05-18 11:12 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	product-security@apple.com	http://support.apple.com/kb/HT6251	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6251	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	itunes	*
apple	itunes	11.0
apple	itunes	11.0.1
apple	itunes	11.0.2
apple	itunes	11.0.3
apple	itunes	11.0.4
apple	itunes	11.0.5
apple	itunes	11.1
apple	itunes	11.1.1
apple	itunes	11.1.2
apple	itunes	11.1.3
apple	itunes	11.1.4
apple	itunes	11.1.5
apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6722DFCA-3E6E-49FE-81AE-146243731138",
              "versionEndIncluding": "11.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3979F15D-34E1-49F6-BCCE-21F4F680D9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0181AF-C382-4500-A7AC-220DCD619F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B04367A-1C86-4CF6-BCB7-3FA4D920E452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F346750-0E04-46BC-94DD-524A2893D8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E955F0-51D4-4B91-AE05-5653800C3AC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6925AABD-3132-4144-8209-E5C47ED8459F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3EF55F1-D02F-4D20-9D35-02E83D3C0F6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7834154-4F1D-4ADD-8512-7C7CF76F8A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9F1B66-20BF-4942-B266-05975298CA87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17110B7B-4E90-4906-B21D-BBB14811B1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "23102AB3-E7C9-45F2-9B4A-480F23A18A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:11.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0230093-CCB7-4F75-B9A2-9B073C31648D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations."
    },
    {
      "lang": "es",
      "value": "Apple iTunes anterior a 11.2.1 en OS X configura permisos de lectura universal para /Users y /Users/Shared durante reinicios, lo que permite a usuarios locales modificar archivos, y como consecuencia obtener acceso a cuentas de usuarios arbitrarios, a trav\u00e9s de operaciones est\u00e1ndar de sistemas de archivos."
    }
  ],
  "id": "CVE-2014-1347",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-18T11:12:54.313",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6251"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2014-AVI-233

Vulnerability from certfr_avis - Published: 2014-05-19 - Updated: 2014-05-19

Une vulnérabilité a été corrigée dans Apple iTunes. Elle permet à un attaquant de provoquer une exécution de code arbitraire et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes versions antérieures à 11.2.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

GSD-2014-1347

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1347

Aliases

CVE-2014-1347

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1347",
    "description": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.",
    "id": "GSD-2014-1347"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1347"
      ],
      "details": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.",
      "id": "GSD-2014-1347",
      "modified": "2023-12-13T01:22:51.015373Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-1347",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT6251",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT6251"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:11.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1347"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT6251",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT6251"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-05-19T16:52Z",
      "publishedDate": "2014-05-18T11:12Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1347 (GCVE-0-2014-1347)

GHSA-WV28-HFG5-XX3J

VAR-201405-0220

FKIE_CVE-2014-1347

CERTFR-2014-AVI-233

Solution

GSD-2014-1347

Tags

Sightings

Nomenclature