CVE-2008-4212

{"id": "CVE-2008-4212", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-10-10T10:30:05.137", "references": [{"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32222", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3216", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31681", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31708", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021028", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45785", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentaci\u00f3n se indica que podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso establecidas."}], "lastModified": "2017-08-08T01:32:30.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C147E866-B80F-4FFA-BBE8-19E84A46DB1C"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of rsh-server packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\n\nThe glibcs ruserok function is used to check users authorization against rhosts files. That implementation of ruserok never opens /etc/hosts.equiv for superuser.", "lastModified": "2008-10-25T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}