6.8
CVE-2008-3646
- EPSS 1.08%
- Veröffentlicht 10.10.2008 10:30:05
- Zuletzt bearbeitet 16.06.2026 22:56:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.607 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/2780
http://www.securityfocus.com/bid/31721
https://exchange.xforce.ibmcloud.com/vulnerabilities/45876