Apple Mac OS X Finder DS_Store Insecure File Creation Vulnerability
BID:12458
Info
Apple Mac OS X Finder DS_Store Insecure File Creation Vulnerability
| Bugtraq ID: | 12458 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 07 2005 12:00AM |
| Updated: | Feb 07 2005 12:00AM |
| Credit: | Vade 79 <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X Finder DS_Store Insecure File Creation Vulnerability
An insecure file creation vulnerability affects Apple Mac OS X Finder. This issue is due to a failure of the application to validate the existence of files prior to creating or writing to them.
An attacker may leverage this issue to cause a system-wide denial of service or to gain escalated privileges on an affected computer, potentially leading to unauthorized superuser access.
An insecure file creation vulnerability affects Apple Mac OS X Finder. This issue is due to a failure of the application to validate the existence of files prior to creating or writing to them.
An attacker may leverage this issue to cause a system-wide denial of service or to gain escalated privileges on an affected computer, potentially leading to unauthorized superuser access.
Exploit / POC
Apple Mac OS X Finder DS_Store Insecure File Creation Vulnerability
The following exploit has been made available:
The following exploit has been made available:
Solution / Fix
Apple Mac OS X Finder DS_Store Insecure File Creation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Apple Mac OS X Finder DS_Store Insecure File Creation Vulnerability
References:
References:
- Mac OS X Homepage (Apple)
- [OSX Finder] DS_Store arbitrary file overwrite vulnerability. (Vade 79