CVE-2008-3618 : The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 thro

The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended.

Published 2008-09-16 23:00:01

Updated 2017-08-08 01:32:02

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-3618

Apple » Mac Os X » Version: 10.5
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.3
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.4
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.1
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.2
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2008-3618

Top countries where our scanners detected CVE-2008-3618

Top open port discovered on systems with this issue 548

IPs affected by CVE-2008-3618 31

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-3618!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-3618

EPSS FAQ

0.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3618

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-3618

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3618

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

Apple - Lists.apple.com
Patch

CVEs referencing this url
http://www.kb.cert.org/vuls/id/126787

Patch;US Government Resource
http://securitytracker.com/id?1020883
http://www.securityfocus.com/bid/31189

Patch

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/45175
http://www.us-cert.gov/cas/techalerts/TA08-260A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2584

Site en construction

CVEs referencing this url