VAR-200207-0061
Vulnerability from variot - Updated: 2025-04-03 22:37SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the root user. In order to exploit this vulnerability, the attacker must control the machine located at swquery.apple.com, from the perspective of the vulnerable client. It may be possible to create this condition through some known techniques, including DNS cache poisoning and DNS spoofing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200207-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
}
],
"sources": [
{
"db": "BID",
"id": "5176"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery credited to Russell Harding \u003chardingr@ucsub.colorado.edu\u003e.",
"sources": [
{
"db": "BID",
"id": "5176"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
}
],
"trust": 0.9
},
"cve": "CVE-2002-0676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0676",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5067",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0676",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200207-064",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5067",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5067"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the root user. \nIn order to exploit this vulnerability, the attacker must control the machine located at swquery.apple.com, from the perspective of the vulnerable client. It may be possible to create this condition through some known techniques, including DNS cache poisoning and DNS spoofing",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0676"
},
{
"db": "BID",
"id": "5176"
},
{
"db": "VULHUB",
"id": "VHN-5067"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5067",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5067"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5176",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "5137",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2002-0676",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064",
"trust": 0.7
},
{
"db": "XF",
"id": "9502",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21596",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75421",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5067",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5067"
},
{
"db": "BID",
"id": "5176"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"id": "VAR-200207-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5067"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:37:37.819000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cunap.com/~hardingr/projects/osx/exploit.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5176"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/5137"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9502.php"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=75304"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://depot.info.apple.com/security7-18/"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5067"
},
{
"db": "BID",
"id": "5176"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5067"
},
{
"db": "BID",
"id": "5176"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5067"
},
{
"date": "2002-07-08T00:00:00",
"db": "BID",
"id": "5176"
},
{
"date": "2002-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"date": "2002-07-11T04:00:00",
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5067"
},
{
"date": "2002-07-08T00:00:00",
"db": "BID",
"id": "5176"
},
{
"date": "2007-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-064"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MacOS X SoftwareUpdate Any package installation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "5176"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-064"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…