发布时间 :2005-05-19 00:00:00
修订时间 :2008-09-05 16:49:15

[原文]Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.

[CNNVD]Apple Mac OS X本地文件名信息泄露漏洞(CNNVD-200505-1129)

        Apple Mac OS X 10.4.1中的某些系统调用未正确实施某些不带POSIX读位设置而带有组或其它用户的执行位设置的目录的许可,本地用户可以列出在以其它方法加以限制的目录中的文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源

- 漏洞信息

Apple Mac OS X本地文件名信息泄露漏洞
低危 访问验证错误
2005-05-19 00:00:00 2005-10-20 00:00:00
        Apple Mac OS X 10.4.1中的某些系统调用未正确实施某些不带POSIX读位设置而带有组或其它用户的执行位设置的目录的许可,本地用户可以列出在以其它方法加以限制的目录中的文件。

- 公告与补丁


- 漏洞信息

Apple Mac OS X File System Search Arbitrary File Name Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

Mac OS X contains a flaw that may lead to an unauthorized information disclosure.  The issue is due to the incorrect checking of permissions on enclosing directories without the POSIX read, but with the POSIX execute bits set for group and other, which will disclose file names in restricted directories resulting in a loss of confidentiality.

- 时间线

2005-05-16 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 10.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apple Mac OS X Local Filename Information Disclosure Vulnerability
Access Validation Error 13695
No Yes
2005-05-20 12:00:00 2009-07-12 02:56:00
John M. Glenn of San Francisco is credited with the discovery of this issue.

- 受影响的程序版本

Apple Mac OS X Server 10.4
Apple Mac OS X 10.4
Apple Mac OS X Server 10.4.1
Apple Mac OS X 10.4.1

- 不受影响的程序版本

Apple Mac OS X Server 10.4.1
Apple Mac OS X 10.4.1

- 漏洞讨论

Apple Mac OS X is susceptible to a local information disclosure vulnerability. This is due to a failure of the operating system to properly implement POSIX permissions checking in certain circumstances.

This vulnerability allows local attackers to retrieve normally forbidden names contained in directories. This scenario is commonly used to obscure access to public directories (such as '~/Public/Drop Box') for security reasons, as users are required to have knowledge about already existing files contained in these directories to be able to access them.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 解决方案

Apple has released advisory APPLE-SA-2005-05-19, along with fixes to address this and other issues. Please see the referenced advisory for more information.

Apple Mac OS X Server 10.4

Apple Mac OS X 10.4

- 相关参考