CVE-2013-3667

{"id": "CVE-2013-3667", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-31T20:55:15.167", "references": [{"url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.barebones.com/support/textwrangler/notes_tw453.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ", "source": "cve@mitre.org"}, {"url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.barebones.com/support/textwrangler/notes_tw453.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform \"tampering or corruption\" of the updates."}, {"lang": "es", "value": "El mecanismo de actualizaci\u00f3n de software que se utiliza en Bare Bones Software Yojimbo antes de 4.0, TextWrangler antes de 4.5.3, y BBEdit anterior a 10.5.5 no descarga y verifica correctamente las actualizaciones antes de la instalaci\u00f3n, lo que permite a los atacantes realizar \"la manipulaci\u00f3n o la corrupci\u00f3n\" de las actualizaciones."}], "lastModified": "2024-11-21T01:54:06.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:barebones:textwrangler:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73EA7D40-2439-4BFA-8ECB-049DCACFF635", "versionEndIncluding": "4.5.2"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1403434-D30C-4B3C-BC57-60436D9107FF"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8186EFC1-E813-4674-A26C-A445003E0118"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E4DED30-5415-4AAA-9677-8FBF77FFCB38"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE67A27-9D10-4E71-8CD0-2B0FD0721599"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96DDF8E2-61C4-484E-89C8-75B1C92391A3"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAEDFC43-BC9A-4830-ABDA-AAD4849E545D"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26E77978-B6D9-473A-A922-D54A227A9F9F"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8755484-D577-49BB-84F8-5E298DA259AD"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58435AE-C263-4972-AE9A-7A54C2CE4049"}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BE5D395-F805-45B1-83F5-E5AAEC7FEF2B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:barebones:bbedit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930F5BF0-378C-4D4A-BAEF-29E1612ECDC2", "versionEndIncluding": "10.5.4"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B538F5-09A0-4F40-B73F-2C2125C55100"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B385F4B4-5EDD-4449-8DA2-74DCE8496498"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0041F955-238E-4AD0-BAD8-BA098A904959"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03498766-0A63-480F-98F5-2CD929D2408C"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E792119E-4FE0-4E6E-B484-4B84EBAD3AEF"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E218878-DAF1-44C1-9035-3E9C0282F56F"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D93AF8FB-575D-49CF-9EE7-CBBCF8CD861E"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96955654-87CA-4BCB-9E50-04293FA036AB"}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D757FE79-4412-4B84-8209-06ADFEC6927F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:barebones:yojimbo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F37464-9948-47CB-90D9-A807F2256FE0", "versionEndIncluding": "3.0.4"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "886415BF-8136-4622-88C9-69DC54ED5E73"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B552EC3-AFD5-4138-8BBA-BA83947D1369"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7141F7DE-6F2B-4445-8EE0-2F075A086CA8"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC616E64-EE25-4EE1-8166-93210353F4A8"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D03C7BD-2DC6-425B-BEF2-4F171676890D"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4011F910-DCFF-4667-9E28-644DF2F77D9E"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0CD2682-ED03-441D-A816-6C582FC6C587"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD7A7D41-1240-4D7B-B96C-06BA64CC82FD"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD3C1CDD-1BB5-46ED-8BF5-0CF0A5805285"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9AED67C-90ED-4DC3-BB95-73ED9147F136"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "508FF127-029E-4FA7-8674-3BA360319DB3"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09FD3398-56AC-47C0-944A-31E77F511BA9"}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F716BBF-8F34-4B6D-806F-1D8AB65CDCE3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}