Apple Mac OS X Insecure Folder Permissions Privilege Escalation Vulnerability

Bugtraq ID:	13220
Class:	Design Error
CVE:	CVE-2005-0712
Remote:	No
Local:	Yes
Published:	Mar 22 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Discovery credited to Eric Hall of DarkArt Consulting Services.
Vulnerable:	Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3
Not Vulnerable:

Apple Mac OS X Insecure Folder Permissions Privilege Escalation Vulnerability

Mac OS X is prone to a privilege escalation issue because of insecure folder permissions. The insecure permissions are on folders that contain the installer 'receipt cache' and 'system-level ColorSync profiles'.

Apple Mac OS X Insecure Folder Permissions Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Apple Mac OS X Insecure Folder Permissions Privilege Escalation Vulnerability

Solution:
Apple has released an advisory (APPLE-SA-2005-03-21) and fixes to address this issue.


Apple Mac OS X Server 10.3.8

• Apple SecUpdSrvr2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05530&plat form=osx&method=sa/SecUpdSrvr2005-003Pan.dmg

Apple Mac OS X 10.3.8

• Apple SecUpd2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&plat form=osx&method=sa/SecUpd2005-003Pan.dmg

Apple Mac OS X Insecure Folder Permissions Privilege Escalation Vulnerability

References: