Vulnerability Details : CVE-2008-4212
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.
Products affected by CVE-2008-4212
- cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4212
2.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4212
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-4212
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-4212
-
Red Hat 2008-10-25Not vulnerable. This issue did not affect the versions of rsh-server packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. The glibcs ruserok function is used to check users authorization against rhosts files. That implementation of ruserok never opens /etc/hosts.equiv for superuser.
References for CVE-2008-4212
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45785
-
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Vendor Advisory
-
http://www.securityfocus.com/bid/31708
-
http://www.securitytracker.com/id?1021028
-
http://www.vupen.com/english/advisories/2008/2780
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://support.apple.com/kb/HT3216
About Security Update 2008-007 - Apple Support
-
http://www.securityfocus.com/bid/31681
Patch
Jump to