CVE-2011-1516

Published Nov 15, 2011

Last updated 6 years ago

CVSS info 7.6

Overview

Description: The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.6
Impact score: 10
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC90AA12-DD17-4607-90CB-E342E83F20BB"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFB077A2-927B-43AF-BFD5-0E78648C9394"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2398ADC8-A106-462E-B9AE-F8AF800D0A3C"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C69DEE9-3FA5-408E-AD27-F5E7043F852A"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D25D1FD3-C291-492C-83A7-0AFAFAADC98D"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B565F77-C310-4B83-B098-22F9489C226C"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "546EBFC8-79F0-42C2-9B9A-A76CA3F19470"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "119C8089-8C98-472E-9E9C-1741AA21DD35"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "831C5105-6409-4743-8FB5-A91D8956202F"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B63D169-E2AA-4315-891F-B4AF99F2753C"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E715DFC-ADB8-43D0-9941-76BB0BE7BCF5"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9D96EC5-8FFC-4C8D-9C3E-EFEE79D4D52C"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8961F444-48C4-4B54-829B-A1A2D0F2716C"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09A0FA11-6211-4962-A6E0-F00732818012"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A36C17C-EBB3-4C42-9C75-6A7F2EE1F22C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References