VAR-200112-0081

Vulnerability from variot - Updated: 2025-04-03 22:38

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages. A vulnerability exists in versions of Apple MacOS X. Due to a misconfiguration of file permissions, the desktop folder belonging to a given user is by default world-readable/writable. If the folder's permissions are not manually reset, arbitrary local users can read from and write to any files in this location. In addition to the potential loss of confidentiality and integrity of this data, if this folder contains security-sensitive information such as usernames, passwords or configuration information, a hostile user may be able to exploit it and further undermine the security of the host. Note that some users have reported MacOS X 10.0.4 systems which do not exhibit this vulnerability. Etaoin Shrdlu <shrdlu@deaddrop.org> notes that this issue may be applicable to accounts created during the Mac OS X beta test period: "Sounds like the problem accounts were upgrades from beta versions. If you are running an upgrade from a beta, then you might want to take a second look. Fresh installs seem to be just fine." An attempt has been made to fix this issue in MacOS X 10.1. This includes the admin account if permissions are not changed manually before the upgrade.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200112-0081",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "2930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Reported to bugtraq by kangoo \u003ckangoo@saga-city.com\u003e\n on June 26, 2001.",
    "sources": [
      {
        "db": "BID",
        "id": "2930"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2001-0806",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2001-0806",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-3613",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2001-0806",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200112-043",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-3613",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user\u0027s desktop folder via insecure default permissions for the Desktop when it is created in some languages. A vulnerability exists in versions of Apple MacOS X. \nDue to a misconfiguration of file permissions, the destop folder belonging to a given user is by default world-readable/writable.  If the folder\u0027s permissions are not manually reset, arbitrary users can read from and write to any files in this location.  In addition to the potential loss of confidentiality and integrity of this data, if this folder contains security-sensitive information such as usernames, passwords or configuration information, a hostile user may be able to exploit it and further undermine the security of the host. \nNote that some users have reported MacOS X 10.0.4 systems which do not exhibit this vulnerability. \nEtaoin Shrdlu \u003cshrdlu@deaddrop.org\u003e notes that this issue may be applicable to accounts created during the Max OS X beta test period: \"Sounds like the problem accounts were upgrades from beta versions. If you are running an upgrade from a beta, then you might want to take a second look. Fresh installs seem to be just fine.\"\nAn attempt has been made to fix this issue in MacOS X 10.1. This includes the admin account if permissions are not changed manually before the upgrade",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      },
      {
        "db": "BID",
        "id": "2930"
      },
      {
        "db": "VULHUB",
        "id": "VHN-3613"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "2930",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "1882",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0806",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20010704 RE: MACOSX 10.0.X PERMISSIONS UNCORRECTLY SET - I GOT IT",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20010626 MACOSX 10.0.X PERMISSIONS UNCORRECTLY SET",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20011007 OS X 10.1 AND LOCALIZED DESKTOP FOLDER STILL VULNERABLE",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "6750",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-3613",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3613"
      },
      {
        "db": "BID",
        "id": "2930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "id": "VAR-200112-0081",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3613"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:38:27.971000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/2930"
      },
      {
        "trust": 1.7,
        "url": "http://online.securityfocus.com/archive/1/219166"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/1882"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=99358249631139\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=99436289015729\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6750"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=99358249631139\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=99436289015729\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/static/6750.php"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-3613"
      },
      {
        "db": "BID",
        "id": "2930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2001-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-3613"
      },
      {
        "date": "2001-06-26T00:00:00",
        "db": "BID",
        "id": "2930"
      },
      {
        "date": "2001-12-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "date": "2001-12-06T05:00:00",
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-3613"
      },
      {
        "date": "2001-06-26T00:00:00",
        "db": "BID",
        "id": "2930"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2001-0806"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "2930"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple MacOS X Desktop Folder Access Control Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-043"
      }
    ],
    "trust": 0.6
  }
}

