Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
BID:24415
Info
Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
| Bugtraq ID: | 24415 |
| Class: | Design Error |
| CVE: |
CVE-2007-3184 |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 11 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Adam Blake of Deloitte, UK is credited with the discovery of this vulnerability. |
| Vulnerable: |
Cisco Trust Agent 2.1.103 .0 Cisco Trust Agent 2.0 Cisco Trust Agent 1.0 |
| Not Vulnerable: |
Cisco Trust Agent 2.1.104 .0 |
Discussion
Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
Cisco Trust Agent for Mac OS X is prone to a local privilege-escalation vulnerability because of the method that the application uses to deliver notifications to users.
Successfully exploiting this issue allows local users to gain superuser-level privileges on affected computers if it is exploited before an authorized user is authenticated. If exploited after an authorized user has been authenticated, attackers may gain user-level access to affected computers.
Versions of Cisco Trust Agent prior to 2.1.104.0 are vulnerable to this issue when running on Apple Mac OS X. Other platforms are not affected.
This issue is documented in Cisco bug ID CSCsi58799.
Cisco Trust Agent for Mac OS X is prone to a local privilege-escalation vulnerability because of the method that the application uses to deliver notifications to users.
Successfully exploiting this issue allows local users to gain superuser-level privileges on affected computers if it is exploited before an authorized user is authenticated. If exploited after an authorized user has been authenticated, attackers may gain user-level access to affected computers.
Versions of Cisco Trust Agent prior to 2.1.104.0 are vulnerable to this issue when running on Apple Mac OS X. Other platforms are not affected.
This issue is documented in Cisco bug ID CSCsi58799.
Exploit / POC
Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
Attackers use core OS functionality to exploit this issue. No specific exploit code is required.
Attackers use core OS functionality to exploit this issue. No specific exploit code is required.
Solution / Fix
Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
Solution:
Cisco has released Cisco Trust Agent 2.1.104.0 to address this issue. Please see the references for more information.
Registered customers may obtain the update at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cta
Solution:
Cisco has released Cisco Trust Agent 2.1.104.0 to address this issue. Please see the references for more information.
Registered customers may obtain the update at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cta
References
Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability
References:
References: