Vulnerability Details : CVE-2005-0125
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
Products affected by CVE-2005-0125
- cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0125
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0125
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2005-0125
-
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Apple - Lists.apple.comPatch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=110685027017411&w=2
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18981
-
http://www.kb.cert.org/vuls/id/678150
Patch;Third Party Advisory;US Government Resource
Jump to