| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $5k-$25k | 0.10 |
A vulnerability was found in Apple Mac OS X 10.5.8 (Operating System) and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. Impacted is confidentiality, integrity, and availability.
The weakness was presented 09/10/2009 with Apple as HT3865 as confirmed advisory (Website). The advisory is shared at support.apple.com. The identification of this vulnerability is CVE-2009-2800 since 08/17/2009. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/22/2021).
The vulnerability scanner Nessus provides a plugin with the ID 40945 (Mac OS X Multiple Vulnerabilities (Security Update 2009-005)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116609 (Apple Mac OS X Security Update 2009-005 Not Installed (APPLE-SA-2009-09-10-2)).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at X-Force (53164), Vulnerability Center (SBV-23476) and Tenable (40945). See 47872, 47871, 47520 and 50023 for similar entries.
Type
Vendor
Name
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.3
VulDB Temp Score: 7.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Memory corruption
CWE: CWE-119
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 40945
Nessus Name: Mac OS X Multiple Vulnerabilities (Security Update 2009-005)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 102028
OpenVAS Name: get_kb_item(ssh/login/osx_name
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: no mitigation known
Status: 🔍
0-Day Time: 🔍
08/17/2009 🔍
09/10/2009 🔍
09/10/2009 🔍
09/10/2009 🔍
09/11/2009 🔍
09/11/2009 🔍
09/13/2009 🔍
03/18/2015 🔍
08/22/2021 🔍Vendor: https://www.apple.com/
Advisory: HT3865
Organization: Apple
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-2800 (🔍)
X-Force: 53164
Vulnerability Center: 23476 – Apple Mac OS X 10.4.11 and 10.5.8 Alias Manager Remote Arbitrary Code Execution Vulnerability, Medium
SecurityFocus: 36354 – Apple Mac OS X Alias Manager Buffer Overflow Vulnerability
OSVDB: 57947 – Apple Mac OS X Alias Manager Alias File Handling Overflow
scip Labs: https://www.scip.ch/en/?labs.20150108
See also: 🔍
Created: 03/18/2015 15:15
Updated: 08/22/2021 13:38
Changes: (1) source_nessus_risk
Complete: 🔍
Comments
See the underground prices here!
