Apple Mac OS X Default Pseudo-Terminal Permission Vulnerability
BID:13467
Info
| Bugtraq ID: | 13467 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 02 2005 12:00AM |
| Updated: | May 02 2005 12:00AM |
| Credit: | Matt Johnston <[email protected]> disclosed this issue. |
| Vulnerable: | Apple Mac OS X Server 10.3.9, Apple Mac OS X Server 10.3.8, Apple Mac OS X Server 10.3.7, Apple Mac OS X Server 10.3.6, Apple Mac OS X Server 10.3.5, Apple Mac OS X Server 10.3.4, Apple Mac OS X Server 10.3.3, Apple Mac OS X Server 10.3.2, Apple Mac OS X Server 10.3.1, Apple Mac OS X Server 10.3, Apple Mac OS X Server 10.2.8, Apple Mac OS X Server 10.2.7, Apple Mac OS X Server 10.2.6, Apple Mac OS X Server 10.2.5, Apple Mac OS X Server 10.2.4, Apple Mac OS X Server 10.2.3, Apple Mac OS X Server 10.2.2, Apple Mac OS X Server 10.2.1, Apple Mac OS X Server 10.2, Apple Mac OS X Server 10.1.5, Apple Mac OS X Server 10.1.4, Apple Mac OS X Server 10.1.3, Apple Mac OS X Server 10.1.2, Apple Mac OS X Server 10.1.1, Apple Mac OS X Server 10.1, Apple Mac OS X Server 10.0, Apple Mac OS X 10.3.9, Apple Mac OS X 10.3.8, Apple Mac OS X 10.3.7, Apple Mac OS X 10.3.6, Apple Mac OS X 10.3.5, Apple Mac OS X 10.3.4, Apple Mac OS X 10.3.3, Apple Mac OS X 10.3.2, Apple Mac OS X 10.3.1, Apple Mac OS X 10.3, Apple Mac OS X 10.2.8, Apple Mac OS X 10.2.7, Apple Mac OS X 10.2.6, Apple Mac OS X 10.2.5, Apple Mac OS X 10.2.4, Apple Mac OS X 10.2.3, Apple Mac OS X 10.2.2, Apple Mac OS X 10.2.1, Apple Mac OS X 10.2, Apple Mac OS X 10.1.5, Apple Mac OS X 10.1.4, Apple Mac OS X 10.1.3, Apple Mac OS X 10.1.2, Apple Mac OS X 10.1.1, Apple Mac OS X 10.1, Apple Mac OS X 10.0.4, Apple Mac OS X 10.0.3, Apple Mac OS X 10.0.2, Apple Mac OS X 10.0.1, Apple Mac OS X 10.0 |
| Not Vulnerable: | Apple Mac OS X Server 10.4, Apple Mac OS X 10.4 |
Discussion
Apple Mac OS X is susceptible to a default permissions vulnerability in its pseudo terminal system. This vulnerability is due to a design error when allocating new pseudo terminals.
This vulnerability allows local users to sniff potentially sensitive data from other users. It also allows them to send arbitrary data to other users' terminals, potentially allowing them to exploit latent vulnerabilities in software utilizing the pseudo terminal.
Apple Mac OS X versions prior to 10.4 are reportedly susceptible to this vulnerability.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Version 10.4 of Apple Mac OS X reportedly fixes this vulnerability by implementing proper default permissions on the pseudo terminal API.
References
References:
- Mac OS X Homepage (Apple)
- Insecure pty permissions in OS X < 10.4 (Matt Johnston)