#VU44923 Resource management error in macOS Server - CVE-2011-0212

Cybersecurity Help s.r.o.

Published: 2011-06-24 | Updated: 2020-08-11

Vulnerability identifier: #VU44923

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0212

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
macOS Server
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

Mitigation
Install update from vendor's website.

Vulnerable software versions

macOS Server: 10.6.0 - 10.6.7

External links
https://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
https://support.apple.com/kb/HT4723
https://www.securityfocus.com/bid/48445

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource management error in Apple MAC OS X Server