Mac OS X System Preferences Writeconfig Local Privilege Escalation Vulnerability
BID:22148
Info
| Bugtraq ID: | 22148 |
| Class: | Design Error |
| CVE: | CVE-2007-0022 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 21 2007 12:00AM |
| Updated: | Apr 20 2007 04:41PM |
| Credit: | Kevin Finisterre discovered this issue. |
| Vulnerable: | Apple Mac OS X Server 10.4.9, Apple Mac OS X Server 10.4.8, Apple Mac OS X Server 10.3.9, Apple Mac OS X 10.4.9, Apple Mac OS X 10.4.8, Apple Mac OS X 10.3.9 |
| Not Vulnerable: | |
Discussion
Mac OS X is prone to a local privilege-escalation vulnerability because the 'System Preferences' utility fails to verify the 'PATH' environment variable.
A successful attack can allow local attackers to gain superuser privileges.
Mac OS X 10.4.8 is reported vulnerable; other versions may be affected as well.
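The defensive pattern for this class of flaw, as an added example (not code from the advisory or from Apple's update): a privileged helper checks the inherited 'PATH' and replaces it with a fixed value before running any command. The names `SAFE_PATH`, `path_is_trusted` and `reset_path` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Assumed fixed search path for the helper; adjust per system. */
#define SAFE_PATH "/usr/bin:/bin:/usr/sbin:/sbin"

/* 1 if dir is absolute, exists, is root-owned and not group/world-writable. */
static int dir_is_trusted(const char *dir) {
    struct stat st;
    if (dir[0] != '/') return 0;   /* rejects "", "." and relative entries */
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != 0) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* 1 only if every colon-separated entry of path is trusted.
 * Split by hand: strtok() would silently skip empty entries, which the
 * shell and execvp() treat as the current directory. */
int path_is_trusted(const char *path) {
    if (path == NULL || *path == '\0') return 0;
    char *copy = strdup(path);
    if (copy == NULL) return 0;
    int ok = 1;
    for (char *p = copy; ok; ) {
        char *colon = strchr(p, ':');
        if (colon) *colon = '\0';
        ok = dir_is_trusted(p);
        if (colon == NULL) break;
        p = colon + 1;
    }
    free(copy);
    return ok;
}

/* Discard the inherited PATH before any exec; returns 0 on success. */
int reset_path(void) {
    return setenv("PATH", SAFE_PATH, 1);
}

int main(void) {
    printf("inherited PATH trusted: %d\n", path_is_trusted(getenv("PATH")));
    if (reset_path() != 0) return 1;
    printf("PATH now: %s\n", getenv("PATH"));
    return 0;
}
```

Resetting 'PATH' unconditionally is the safer of the two functions; the trust check is mainly useful for logging or refusing to run when the caller's environment looks hostile.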
Exploit / POC
An exploit is not required.
A proof of concept is available.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Apple Mac OS X 10.3.9
- Apple Security Update 2007-004 (10.3.9 Server)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13655&cat= 1&platform=osx&method=sa/SecUpdSrvr2007-004Pan.dmg
- Apple Security Update 2007-004 (10.3.9 Client)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13657&cat= 1&platform=osx&method=sa/SecUpd2007-004Pan.dmg

Apple Mac OS X Server 10.4.9
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat= 1&platform=osx&method=sa/SecUpd2007-004Univ.dmg

Apple Mac OS X 10.4.9
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat= 1&platform=osx&method=sa/SecUpd2007-004Univ.dmg
References
References:
- Mac OS X Homepage (Apple)
- MOAB-21-01-2007: System Preferences writeconfig Local Privilege Escalation Vulne (LMH and Kevin Finisterre)
- APPLE-SA-2007-04-19 Security Update 2007-004 (Apple)