CVE-2014-1347
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
18/05/2014
Last modified:
19/05/2014
Description
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
Impact
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* | 11.2 (including) | |
cpe:2.3:a:apple:itunes:11.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.1.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.1.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:apple:itunes:11.1.5:*:*:*:*:*:*:* | ||
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page