Vulnerabilites related to obdev - little_snitch
CVE-2016-8661 (GCVE-0-2016-8661)
Vulnerability from cvelistv5
Published
2016-11-15 15:00
Modified
2024-08-06 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privileges
Summary
Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Little Snitch version 3.0 through 3.6.1 |
Version: Little Snitch version 3.0 through 3.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch version 3.0 through 3.6.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Little Snitch version 3.0 through 3.6.1"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the \"OSMalloc\" and \"copyin\" kernel API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"name": "94352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch version 3.0 through 3.6.1",
"version": {
"version_data": [
{
"version_value": "Little Snitch version 3.0 through 3.6.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the \"OSMalloc\" and \"copyin\" kernel API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94352"
},
{
"name": "https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one",
"refsource": "MISC",
"url": "https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2016-8661",
"datePublished": "2016-11-15T15:00:00",
"dateReserved": "2016-10-14T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13014 (GCVE-0-2019-13014)
Vulnerability from cvelistv5
Published
2019-08-23 16:55
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Summary
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Little Snitch |
Version: 4.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system\u0027s copy during the upgrade."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264: Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T16:55:55",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system\u0027s copy during the upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264: Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html",
"refsource": "MISC",
"url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2019-13014",
"datePublished": "2019-08-23T16:55:55",
"dateReserved": "2019-06-28T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2675 (GCVE-0-2017-2675)
Vulnerability from cvelistv5
Published
2017-04-06 15:00
Modified
2024-08-05 14:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Version: 3.0 - 3.7.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "3.0 - 3.7.3"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T19:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "3.0 - 3.7.3"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"name": "https://twitter.com/patrickwardle/status/849076615170711552",
"refsource": "MISC",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2017-2675",
"datePublished": "2017-04-06T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13013 (GCVE-0-2019-13013)
Vulnerability from cvelistv5
Published
2019-08-23 16:58
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Summary
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Little Snitch |
Version: 4.3 - 4.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://obdev.at/cve/2019-13013-OSv2mEFD3z.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.3 - 4.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264: Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T16:58:49",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://obdev.at/cve/2019-13013-OSv2mEFD3z.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.3 - 4.3.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264: Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2019-13013-OSv2mEFD3z.html",
"refsource": "MISC",
"url": "https://obdev.at/cve/2019-13013-OSv2mEFD3z.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2019-13013",
"datePublished": "2019-08-23T16:58:49",
"dateReserved": "2019-06-28T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13095 (GCVE-0-2020-13095)
Vulnerability from cvelistv5
Published
2020-06-30 16:33
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Little Snitch |
Version: up to 4.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://obdev.at/cve/2020-13095-t46oXJJOwz.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to 4.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T16:33:54",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://obdev.at/cve/2020-13095-t46oXJJOwz.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "up to 4.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2020-13095-t46oXJJOwz.html",
"refsource": "MISC",
"url": "https://obdev.at/cve/2020-13095-t46oXJJOwz.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2020-13095",
"datePublished": "2020-06-30T16:33:54",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-06-30 17:15
Modified
2024-11-21 05:00
Severity ?
Summary
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D08E4-5785-4AEF-83B1-C95BC6B2D413",
"versionEndIncluding": "4.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root."
},
{
"lang": "es",
"value": "Little Snitch versi\u00f3n 4.5.1 y anteriores, cambiaron la propiedad de una ruta de directorio controlada por el usuario. Esto permiti\u00f3 al usuario escalar a root al enlazar la ruta a un directorio que contiene c\u00f3digo ejecutado por root"
}
],
"id": "CVE-2020-13095",
"lastModified": "2024-11-21T05:00:39.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T17:15:10.610",
"references": [
{
"source": "office@obdev.at",
"url": "https://obdev.at/cve/2020-13095-t46oXJJOwz.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://obdev.at/cve/2020-13095-t46oXJJOwz.html"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "office@obdev.at",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-23 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | 4.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "797ECF4F-4B0D-417B-8DE8-24BDE95BD8AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system\u0027s copy during the upgrade."
},
{
"lang": "es",
"value": "Little Snitch versiones 4.4.0 corrige una vulnerabilidad en una herramienta auxiliar privilegiada. Sin embargo, el sistema operativo puede haber hecho una copia del ayudante privilegiado que no se elimina o actualiza de inmediato. Por lo tanto, las computadoras a\u00fan pueden ser vulnerables despu\u00e9s de actualizar a 4.4.0. La versi\u00f3n 4.4.1 corrige este problema eliminando la copia del sistema operativo durante la actualizaci\u00f3n."
}
],
"id": "CVE-2019-13014",
"lastModified": "2024-11-21T04:24:02.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T17:15:13.667",
"references": [
{
"source": "office@obdev.at",
"url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://obdev.at/cve/2019-13014-MzE24Ify4p.html"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "office@obdev.at",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-15 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | 3.0 | |
| obdev | little_snitch | 3.0.1 | |
| obdev | little_snitch | 3.0.2 | |
| obdev | little_snitch | 3.0.3 | |
| obdev | little_snitch | 3.0.4 | |
| obdev | little_snitch | 3.1 | |
| obdev | little_snitch | 3.1.1 | |
| obdev | little_snitch | 3.3 | |
| obdev | little_snitch | 3.3.1 | |
| obdev | little_snitch | 3.3.2 | |
| obdev | little_snitch | 3.3.3 | |
| obdev | little_snitch | 3.3.4 | |
| obdev | little_snitch | 3.4 | |
| obdev | little_snitch | 3.4.1 | |
| obdev | little_snitch | 3.4.2 | |
| obdev | little_snitch | 3.5 | |
| obdev | little_snitch | 3.5.1 | |
| obdev | little_snitch | 3.5.2 | |
| obdev | little_snitch | 3.5.3 | |
| obdev | little_snitch | 3.6 | |
| obdev | little_snitch | 3.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3104B3C-7FB4-45D8-8B94-38C64DB5358E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C15999-BD32-4576-976A-2B516A159BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B790676-4683-4C37-8D6C-A7422F29D5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA526073-1289-4A26-8D06-2F33318AD940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AAF8D9-02A7-4AE4-A386-6DDC0F813163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D210C3B-3A48-4ACF-A957-253F15962EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35027020-5BFD-45EA-9371-7342B3CA9AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCA6D8-420C-438A-806D-E3B909B12701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B0447E-6A54-42ED-81A9-B4B16EF2C05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08087DF0-3980-4F59-A759-DD5D710CB5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91998865-31C0-4F6F-A4E9-14F3C4727C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76108E38-65E9-4918-BB90-DCD6063E64F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F625187-402F-461E-A760-EB967DA79E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A00C225-33C2-4F4A-AAF8-131A6FC8CC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "918A02B3-1F03-478E-990B-EDE245F69495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F518B2CE-C946-47EF-81BF-C3DF3A2CF9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8D953E-4FC7-4F31-8DB5-DC2C5115CC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34A22CFD-D6A7-4EAE-A459-69453ADEB703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "239823E3-A508-4B67-8A5F-7DCFCCBD1C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7BACEFA0-52CD-45C7-B0A0-A9B4A1EA9B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CA536C-001F-438F-8078-C6A4F51A6C15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the \"OSMalloc\" and \"copyin\" kernel API calls."
},
{
"lang": "es",
"value": "Little Snitch versi\u00f3n 3.0 hasta la versi\u00f3n 3.6.1 sufre de una vulnerabilidad de desbordamiento de b\u00fafer que podr\u00eda ser explotada localmente lo que podr\u00eda conducir a una escalada de privilegios (EoP) y un acceso no autorizado al sistema operativo. El desbordamiento de b\u00fafer est\u00e1 relacionado con una comprobaci\u00f3n insuficiente de los par\u00e1metros para las llamadas de la API del kernel \"OSMalloc\" y \"copyin\"."
}
],
"id": "CVE-2016-8661",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-15T15:59:00.180",
"references": [
{
"source": "office@obdev.at",
"url": "http://www.securityfocus.com/bid/94352"
},
{
"source": "office@obdev.at",
"url": "https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-06 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | 3.0 | |
| obdev | little_snitch | 3.0.1 | |
| obdev | little_snitch | 3.0.2 | |
| obdev | little_snitch | 3.0.3 | |
| obdev | little_snitch | 3.0.4 | |
| obdev | little_snitch | 3.1 | |
| obdev | little_snitch | 3.1.1 | |
| obdev | little_snitch | 3.3 | |
| obdev | little_snitch | 3.3.1 | |
| obdev | little_snitch | 3.3.2 | |
| obdev | little_snitch | 3.3.3 | |
| obdev | little_snitch | 3.3.4 | |
| obdev | little_snitch | 3.4 | |
| obdev | little_snitch | 3.4.1 | |
| obdev | little_snitch | 3.4.2 | |
| obdev | little_snitch | 3.5 | |
| obdev | little_snitch | 3.5.1 | |
| obdev | little_snitch | 3.5.2 | |
| obdev | little_snitch | 3.5.3 | |
| obdev | little_snitch | 3.6 | |
| obdev | little_snitch | 3.6.1 | |
| objective_development | little_snitch | 3.6.2 | |
| objective_development | little_snitch | 3.6.3 | |
| objective_development | little_snitch | 3.6.4 | |
| objective_development | little_snitch | 3.7 | |
| objective_development | little_snitch | 3.7.1 | |
| objective_development | little_snitch | 3.7.2 | |
| objective_development | little_snitch | 3.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3104B3C-7FB4-45D8-8B94-38C64DB5358E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C15999-BD32-4576-976A-2B516A159BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B790676-4683-4C37-8D6C-A7422F29D5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA526073-1289-4A26-8D06-2F33318AD940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AAF8D9-02A7-4AE4-A386-6DDC0F813163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D210C3B-3A48-4ACF-A957-253F15962EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35027020-5BFD-45EA-9371-7342B3CA9AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCA6D8-420C-438A-806D-E3B909B12701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B0447E-6A54-42ED-81A9-B4B16EF2C05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08087DF0-3980-4F59-A759-DD5D710CB5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91998865-31C0-4F6F-A4E9-14F3C4727C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76108E38-65E9-4918-BB90-DCD6063E64F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F625187-402F-461E-A760-EB967DA79E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A00C225-33C2-4F4A-AAF8-131A6FC8CC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "918A02B3-1F03-478E-990B-EDE245F69495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F518B2CE-C946-47EF-81BF-C3DF3A2CF9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8D953E-4FC7-4F31-8DB5-DC2C5115CC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34A22CFD-D6A7-4EAE-A459-69453ADEB703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "239823E3-A508-4B67-8A5F-7DCFCCBD1C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7BACEFA0-52CD-45C7-B0A0-A9B4A1EA9B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CA536C-001F-438F-8078-C6A4F51A6C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1319946-6002-450D-993E-B9EB28C810E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "028AC949-F4BB-40B9-B5E0-B8863198DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03D943AE-E2B0-4E8B-B2BE-66503014A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FC35634E-0523-4393-99C4-BDD1EC9BDD32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB09E064-8BFF-4013-AE23-8F9EC75BB8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "789BC777-8B55-4E10-A50D-8D14F3D4D132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "679E0A62-E425-4FFC-9C2F-38590D71FC3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
},
{
"lang": "es",
"value": "Little Snitch versi\u00f3n 3.0 hasta la versi\u00f3n 3.7.3 sufre de una vulnerabilidad de escalamiento de privilegios locales en la parte del instalador. La vulnerabilidad est\u00e1 relacionada con la instalaci\u00f3n del archivo de configuraci\u00f3n \"at.obdev.littlesnitchd.plist\" que se instala en /Library/LaunchDaemons."
}
],
"id": "CVE-2017-2675",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T15:59:00.230",
"references": [
{
"source": "office@obdev.at",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
},
{
"source": "office@obdev.at",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-23 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFAECAF-FD32-468D-BE5C-6936FD1B46B8",
"versionEndIncluding": "4.3.2",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root."
},
{
"lang": "es",
"value": "Little Snitch versiones 4.3.0 a 4.3.2 tienen una vulnerabilidad de escalada de privilegios locales en su herramienta auxiliar privilegiada. La herramienta auxiliar privilegiada implementa una interfaz XPC que est\u00e1 disponible para cualquier proceso y permite listados de directorios y copia de archivos como root."
}
],
"id": "CVE-2019-13013",
"lastModified": "2024-11-21T04:24:02.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T17:15:13.607",
"references": [
{
"source": "office@obdev.at",
"url": "https://obdev.at/cve/2019-13013-OSv2mEFD3z.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://obdev.at/cve/2019-13013-OSv2mEFD3z.html"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "office@obdev.at",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}