Vulnerabilites related to objective_development - little_snitch
Vulnerability from fkie_nvd
Published
2017-04-06 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| obdev | little_snitch | 3.0 | |
| obdev | little_snitch | 3.0.1 | |
| obdev | little_snitch | 3.0.2 | |
| obdev | little_snitch | 3.0.3 | |
| obdev | little_snitch | 3.0.4 | |
| obdev | little_snitch | 3.1 | |
| obdev | little_snitch | 3.1.1 | |
| obdev | little_snitch | 3.3 | |
| obdev | little_snitch | 3.3.1 | |
| obdev | little_snitch | 3.3.2 | |
| obdev | little_snitch | 3.3.3 | |
| obdev | little_snitch | 3.3.4 | |
| obdev | little_snitch | 3.4 | |
| obdev | little_snitch | 3.4.1 | |
| obdev | little_snitch | 3.4.2 | |
| obdev | little_snitch | 3.5 | |
| obdev | little_snitch | 3.5.1 | |
| obdev | little_snitch | 3.5.2 | |
| obdev | little_snitch | 3.5.3 | |
| obdev | little_snitch | 3.6 | |
| obdev | little_snitch | 3.6.1 | |
| objective_development | little_snitch | 3.6.2 | |
| objective_development | little_snitch | 3.6.3 | |
| objective_development | little_snitch | 3.6.4 | |
| objective_development | little_snitch | 3.7 | |
| objective_development | little_snitch | 3.7.1 | |
| objective_development | little_snitch | 3.7.2 | |
| objective_development | little_snitch | 3.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3104B3C-7FB4-45D8-8B94-38C64DB5358E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C15999-BD32-4576-976A-2B516A159BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B790676-4683-4C37-8D6C-A7422F29D5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA526073-1289-4A26-8D06-2F33318AD940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AAF8D9-02A7-4AE4-A386-6DDC0F813163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D210C3B-3A48-4ACF-A957-253F15962EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35027020-5BFD-45EA-9371-7342B3CA9AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCCA6D8-420C-438A-806D-E3B909B12701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B0447E-6A54-42ED-81A9-B4B16EF2C05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08087DF0-3980-4F59-A759-DD5D710CB5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91998865-31C0-4F6F-A4E9-14F3C4727C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "76108E38-65E9-4918-BB90-DCD6063E64F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F625187-402F-461E-A760-EB967DA79E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A00C225-33C2-4F4A-AAF8-131A6FC8CC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "918A02B3-1F03-478E-990B-EDE245F69495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F518B2CE-C946-47EF-81BF-C3DF3A2CF9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8D953E-4FC7-4F31-8DB5-DC2C5115CC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34A22CFD-D6A7-4EAE-A459-69453ADEB703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "239823E3-A508-4B67-8A5F-7DCFCCBD1C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7BACEFA0-52CD-45C7-B0A0-A9B4A1EA9B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CA536C-001F-438F-8078-C6A4F51A6C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1319946-6002-450D-993E-B9EB28C810E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "028AC949-F4BB-40B9-B5E0-B8863198DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03D943AE-E2B0-4E8B-B2BE-66503014A4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FC35634E-0523-4393-99C4-BDD1EC9BDD32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB09E064-8BFF-4013-AE23-8F9EC75BB8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "789BC777-8B55-4E10-A50D-8D14F3D4D132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "679E0A62-E425-4FFC-9C2F-38590D71FC3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
},
{
"lang": "es",
"value": "Little Snitch versi\u00f3n 3.0 hasta la versi\u00f3n 3.7.3 sufre de una vulnerabilidad de escalamiento de privilegios locales en la parte del instalador. La vulnerabilidad est\u00e1 relacionada con la instalaci\u00f3n del archivo de configuraci\u00f3n \"at.obdev.littlesnitchd.plist\" que se instala en /Library/LaunchDaemons."
}
],
"id": "CVE-2017-2675",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-06T15:59:00.230",
"references": [
{
"source": "office@obdev.at",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
},
{
"source": "office@obdev.at",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-12 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| objective_development | little_snitch | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:objective_development:little_snitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CA0E0C-AAE6-4E95-A4F9-928DDDA89E1C",
"versionEndIncluding": "4.0.6",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
},
{
"lang": "es",
"value": "Little Snitch desde la versi\u00f3n 4.0 hasta la 4.0.6 emplea la funci\u00f3n SecStaticCodeCheckValidityWithErrors() sin el flag kSecCSCheckAllArchitectures y, por lo tanto, no valida todas las arquitecturas almacenadas en un binario fat. Un atacante puede manipular maliciosamente un binario fat que contenga m\u00faltiples arquitecturas que podr\u00eda provocar una situaci\u00f3n por la que Little Snitch considera que el proceso en ejecuci\u00f3n no tiene firma de c\u00f3digo aunque indica que el binario en el disco tiene una firma de c\u00f3digo v\u00e1lida. Esto podr\u00eda conducir a que los usuarios est\u00e9n confusos sobre si la firma de c\u00f3digo es v\u00e1lida o no."
}
],
"id": "CVE-2018-10470",
"lastModified": "2024-11-21T03:41:22.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-12T17:29:00.207",
"references": [
{
"source": "office@obdev.at",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"source": "office@obdev.at",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"sourceIdentifier": "office@obdev.at",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "office@obdev.at",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-10470 (GCVE-0-2018-10470)
Vulnerability from cvelistv5
Published
2018-06-12 17:00
Modified
2024-09-16 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Version: 4.0 - 4.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:07.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "4.0 - 4.0.6"
}
]
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T17:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-06-12T00:00:00",
"ID": "CVE-2018-10470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "4.0 - 4.0.6"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html",
"refsource": "CONFIRM",
"url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html"
},
{
"name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource": "MISC",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2018-10470",
"datePublished": "2018-06-12T17:00:00Z",
"dateReserved": "2018-04-27T00:00:00",
"dateUpdated": "2024-09-16T21:03:03.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2675 (GCVE-0-2017-2675)
Vulnerability from cvelistv5
Published
2017-04-06 15:00
Modified
2024-08-05 14:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch |
Version: 3.0 - 3.7.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Little Snitch",
"vendor": "Objective Development Software GmbH",
"versions": [
{
"status": "affected",
"version": "3.0 - 3.7.3"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-11T19:57:01",
"orgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"shortName": "obdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Little Snitch",
"version": {
"version_data": [
{
"version_value": "3.0 - 3.7.3"
}
]
}
}
]
},
"vendor_name": "Objective Development Software GmbH"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
},
{
"name": "https://twitter.com/patrickwardle/status/849076615170711552",
"refsource": "MISC",
"url": "https://twitter.com/patrickwardle/status/849076615170711552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0cebea7-a708-4bfe-81c1-855d35eb4544",
"assignerShortName": "obdev",
"cveId": "CVE-2017-2675",
"datePublished": "2017-04-06T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}