CNVD-2015-02354

Vulnerability from cnvd - Published: 2015-04-13
VLAI Severity ?
Title
Apple Mac OS X使用Open Directory明文密码发送漏洞
Description
Apple Mac OS X是苹果公司开发的操作系统。 Apple Mac OS X服务绑定Open Directory客户端时,但未能安装OS X服务器证书,客户端在更改密码时会以明文方式发送,远程攻击者可以利用漏洞获取敏感信息。
Severity
Patch Name
Apple Mac OS X使用Open Directory明文密码发送漏洞的补丁
Patch Description
Apple Mac OS X是苹果公司开发的操作系统。Apple Mac OS X服务绑定Open Directory客户端时,但未能安装OS X服务器证书,客户端在更改密码时会以明文方式发送,远程攻击者可以利用漏洞获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

Apple Mac OS X Yosemite v10.10.3已经修复该漏洞,建议用户下载更新: https://www.apple.com

Reference
https://support.apple.com/en-us/HT204659
Impacted products
Name
['Apple OS X Mavericks v10.9.5', 'Apple OS X Yosemite v10.10 - v10.10.2']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1147"
    }
  },
  "description": "Apple Mac OS X\u662f\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X\u670d\u52a1\u7ed1\u5b9aOpen Directory\u5ba2\u6237\u7aef\u65f6\uff0c\u4f46\u672a\u80fd\u5b89\u88c5OS X\u670d\u52a1\u5668\u8bc1\u4e66\uff0c\u5ba2\u6237\u7aef\u5728\u66f4\u6539\u5bc6\u7801\u65f6\u4f1a\u4ee5\u660e\u6587\u65b9\u5f0f\u53d1\u9001\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Apple",
  "formalWay": "Apple Mac OS X Yosemite v10.10.3\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02354",
  "openTime": "2015-04-13",
  "patchDescription": "Apple Mac OS X\u662f\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple Mac OS X\u670d\u52a1\u7ed1\u5b9aOpen Directory\u5ba2\u6237\u7aef\u65f6\uff0c\u4f46\u672a\u80fd\u5b89\u88c5OS X\u670d\u52a1\u5668\u8bc1\u4e66\uff0c\u5ba2\u6237\u7aef\u5728\u66f4\u6539\u5bc6\u7801\u65f6\u4f1a\u4ee5\u660e\u6587\u65b9\u5f0f\u53d1\u9001\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Mac OS X\u4f7f\u7528Open Directory\u660e\u6587\u5bc6\u7801\u53d1\u9001\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple OS X Mavericks v10.9.5",
      "Apple OS X Yosemite v10.10 - v10.10.2"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT204659",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-09",
  "title": "Apple Mac OS X\u4f7f\u7528Open Directory\u660e\u6587\u5bc6\u7801\u53d1\u9001\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.