What is the severity of CVE-2003-0171?

CVE-2003-0171 is considered a moderate severity vulnerability due to its potential for local privilege escalation.

How do I fix CVE-2003-0171?

To fix CVE-2003-0171, ensure that the PATH environment variable is not misconfigured and avoid allowing untrusted directories to be included.

What systems are affected by CVE-2003-0171?

CVE-2003-0171 affects various versions of Mac OS X and Mac OS X Server, primarily versions between 10.0 and 10.2.4.

What type of vulnerability is CVE-2003-0171?

CVE-2003-0171 is a local security vulnerability that allows users to execute arbitrary commands by manipulating the PATH variable.

Who can exploit CVE-2003-0171?

CVE-2003-0171 can be exploited by local users who can modify the PATH environment variable to point to malicious executables.

Vulnerability/
CVE-2003-0171

high

7.2

CWE

NVD-CWE-Other

15/4/2003

8/8/2024

CVE-2003-0171

First published: Tue Apr 15 2003(Updated: )

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apple macOS Server	=10.2.2
Apple iOS and macOS	=10.0.2
Apple macOS Server	=10.2.4
Apple iOS and macOS	=10.2.1
Apple iOS and macOS	=10.1
Apple iOS and macOS	=10.0.1
Apple macOS Server	=10.2.3
Apple iOS and macOS	=10.0.3
Apple iOS and macOS	=10.1.4
Apple iOS and macOS	=10.0.4
Apple iOS and macOS	=10.2
Apple iOS and macOS	=10.2.2
Apple macOS Server	=10.2.1
Apple iOS and macOS	=10.1.1
Apple iOS and macOS	=10.1.2
Apple iOS and macOS	=10.1.3
Apple iOS and macOS	=10.0
Apple iOS and macOS	=10.2.3
Apple iOS and macOS	=10.2.4
Apple macOS Server	=10.0
Apple macOS Server	=10.2
Apple iOS and macOS	=10.1.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-0171?
CVE-2003-0171 is considered a moderate severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2003-0171?
To fix CVE-2003-0171, ensure that the PATH environment variable is not misconfigured and avoid allowing untrusted directories to be included.
What systems are affected by CVE-2003-0171?
CVE-2003-0171 affects various versions of Mac OS X and Mac OS X Server, primarily versions between 10.0 and 10.2.4.
What type of vulnerability is CVE-2003-0171?
CVE-2003-0171 is a local security vulnerability that allows users to execute arbitrary commands by manipulating the PATH variable.
Who can exploit CVE-2003-0171?
CVE-2003-0171 can be exploited by local users who can modify the PATH environment variable to point to malicious executables.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
vendor/apple
product/mac os x server
canonical/apple mac os x server
product/mac os x
canonical/apple mac os x
agent/software-canonical-lookup-request
collector/nvd-index
canonical/apple macos server
version/apple macos server/10.2.2
canonical/apple ios and macos
version/apple ios and macos/10.0.2
version/apple macos server/10.2.4
version/apple ios and macos/10.2.1
version/apple ios and macos/10.1
version/apple ios and macos/10.0.1
version/apple macos server/10.2.3
version/apple ios and macos/10.0.3
version/apple ios and macos/10.1.4
version/apple ios and macos/10.0.4
version/apple ios and macos/10.2
version/apple ios and macos/10.2.2
version/apple macos server/10.2.1
version/apple ios and macos/10.1.1
version/apple ios and macos/10.1.2
version/apple ios and macos/10.1.3
version/apple ios and macos/10.0
version/apple ios and macos/10.2.3
version/apple ios and macos/10.2.4
version/apple macos server/10.0
version/apple macos server/10.2
version/apple ios and macos/10.1.5