CVE-2014-1347

Published May 18, 2014

Last updated 10 years ago

Overview

Description: Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
Source: product-security@apple.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6722DFCA-3E6E-49FE-81AE-146243731138",
            "versionEndIncluding": "11.2"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3979F15D-34E1-49F6-BCCE-21F4F680D9D8"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D0181AF-C382-4500-A7AC-220DCD619F96"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B04367A-1C86-4CF6-BCB7-3FA4D920E452"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F346750-0E04-46BC-94DD-524A2893D8FD"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48E955F0-51D4-4B91-AE05-5653800C3AC9"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6925AABD-3132-4144-8209-E5C47ED8459F"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3EF55F1-D02F-4D20-9D35-02E83D3C0F6D"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7834154-4F1D-4ADD-8512-7C7CF76F8A34"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E9F1B66-20BF-4942-B266-05975298CA87"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17110B7B-4E90-4906-B21D-BBB14811B1F8"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23102AB3-E7C9-45F2-9B4A-480F23A18A0E"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:11.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0230093-CCB7-4F75-B9A2-9B073C31648D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References