CVE-2002-0676

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*

History

20 Nov 2024, 23:39

Type Values Removed Values Added
References () http://www.cunap.com/~hardingr/projects/osx/exploit.html - Vendor Advisory () http://www.cunap.com/~hardingr/projects/osx/exploit.html - Vendor Advisory
References () http://www.iss.net/security_center/static/9502.php - () http://www.iss.net/security_center/static/9502.php -
References () http://www.osvdb.org/5137 - () http://www.osvdb.org/5137 -
References () http://www.securityfocus.com/bid/5176 - () http://www.securityfocus.com/bid/5176 -

Information

Published : 2002-07-11 04:00

Updated : 2024-11-20 23:39


NVD link : CVE-2002-0676

Mitre link : CVE-2002-0676

CVE.ORG link : CVE-2002-0676


JSON object : View

Products Affected

apple

  • mac_os_x