Permissions, Privileges, and Access Controls in macOS and macOS Server - CVE-2011-3216
Published: October 14, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU44617
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-3216
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS Server
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
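The rule at issue, as an added example that is not Apple's kernel code and not part of the original advisory: on a sticky directory, an entry may be removed only by a caller who can write the directory and who is the file's owner, the directory's owner, or the super-user. The names `dir_info`, `may_unlink` and `enforce_sticky` are hypothetical, the uids are constructed, and the model assumes owner/other mode bits only (no group bits or ACLs).

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#ifndef S_ISVTX
#define S_ISVTX 01000 /* sticky bit */
#endif

/* Simplified directory metadata: group bits and ACLs are ignored here. */
struct dir_info { mode_t mode; uid_t owner; };

/* Write permission on the directory, owner/other bits only. */
static bool can_write_dir(const struct dir_info *d, uid_t caller)
{
    if (caller == 0)
        return true;
    if (caller == d->owner)
        return (d->mode & S_IWUSR) != 0;
    return (d->mode & S_IWOTH) != 0;
}

/*
 * enforce_sticky is a hypothetical switch: true models the documented rule,
 * false models a kernel that ignores the sticky bit on directories.
 */
bool may_unlink(const struct dir_info *d, uid_t file_owner, uid_t caller,
                bool enforce_sticky)
{
    if (!can_write_dir(d, caller))
        return false;                     /* no write access: never allowed */
    if (!enforce_sticky || !(d->mode & S_ISVTX))
        return true;                      /* plain directory semantics */
    return caller == 0 || caller == file_owner || caller == d->owner;
}

int main(void)
{
    /* Constructed sample: a /tmp-like directory, mode 1777, owned by root. */
    struct dir_info tmp = { S_ISVTX | 0777, 0 };
    uid_t alice = 501, bob = 502;         /* constructed uids */

    printf("bob unlinks alice's file, sticky enforced: %d\n",
           may_unlink(&tmp, alice, bob, true));
    printf("bob unlinks alice's file, sticky ignored:  %d\n",
           may_unlink(&tmp, alice, bob, false));
    printf("alice unlinks her own file:                %d\n",
           may_unlink(&tmp, alice, alice, true));
    return 0;
}
```

The difference between the first two calls is the protection that shared directories rely on and that the fixed release restores.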
How to mitigate CVE-2011-3216
Install the update from the vendor's website.