PT-2007-2180 · Apple · Macos X+1
Published
2007-04-24
·
Updated
2011-03-08
·
CVE-2007-0729
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions 10.3.9 through 10.4.9
Description
The issue concerns the Apple File Protocol (AFP) Client, which does not properly clean the environment before executing commands. This allows local users to gain privileges by setting unspecified environment variables.
Recommendations
For versions 10.3.9 through 10.4.9, consider restricting the execution of commands by the AFP Client until a fix is available, and avoid setting sensitive environment variables that could be exploited.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple File Protocol (Afp) Client
Macos X