Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
BID:21899
Info
Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
| Bugtraq ID: | 21899 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 05 2007 12:00AM |
| Updated: | Jan 08 2007 05:06PM |
| Credit: | LMH <[email protected]> and Kevin Finisterre reported this issue. |
| Vulnerable: |
Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 |
| Not Vulnerable: | |
Discussion
Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
Apple DiskManagement framework is prone to local privilege-escalation vulnerability. This issue occurs when handling specially crafted Bill Of Material (BOM) files.
A successful exploit would allow a local attacker to execute arbitrary code with superuser privileges. A successful exploit would lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
This issue affects DiskManagement 92.29 and Mac OS X 10.4.8; prior versions may also be affected.
Apple DiskManagement framework is prone to local privilege-escalation vulnerability. This issue occurs when handling specially crafted Bill Of Material (BOM) files.
A successful exploit would allow a local attacker to execute arbitrary code with superuser privileges. A successful exploit would lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
This issue affects DiskManagement 92.29 and Mac OS X 10.4.8; prior versions may also be affected.
Exploit / POC
Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
References:
References:
- Mac OS X Homepage (Apple)
- MOAB-05-01-2007: Apple DiskManagement BOM Local Privilege Escalation Vulnerabili (LMH and Kevin Finisterre)