BID:9862

Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability

Info

Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability

Bugtraq ID:	9862
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 12 2004 12:00AM
Updated:	Mar 12 2004 12:00AM
Credit:	Discovery of this issue is credited to Chris Irvine.
Vulnerable:	Macromedia Studio MX 2004 + Macromedia ColdFusion MX 6.1 + Macromedia ColdFusion MX 6.0 + Macromedia ColdFusion MX J2EE 6.1 + Macromedia ColdFusion MX J2EE 6.0 + Macromedia ColdFusion MX J2EE 5.0 + Macromedia ColdFusion Server MX Developer + Macromedia ColdFusion Server MX 6.1 + Macromedia ColdFusion Server MX 6.0 + Macromedia Dreamweaver MX 6.1 + Macromedia Dreamweaver MX 6.0 + Macromedia Fireworks MX 2004 + Macromedia Flash MX 2004 + Macromedia Freehand MX 2004 Macromedia Contribute 2.0

Not Vulnerable:

Discussion

Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability

It has been reported that Macromedia Studio MX 2004 and Contribute 2 are prone to a local privilege escalation vulnerability. These issues are due to a single design error that causes the creation of a setuid binary that is globally writable.

Successful exploitation of this issue may allow an attacker to escalate their privileges.

This issue has been reported to affect only the version of the software designed for Apple Macintosh OS X.

Exploit / POC

Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability

No exploit is required to leverage this vulnerability.

Solution / Fix

Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability

Solution:
The vendor has released an advisory dealing with this issue. Please see the referenced advisory for more details.

Macromedia Studio MX 2004

Macromedia osx_upgrades_1_039en.dmg
http://download.macromedia.com/pub/updates/licensing/hotfix/osx_upgrad es_1_039en.dmg

Macromedia Contribute 2.0

Macromedia osx_upgrades_1_039en.dmg
http://download.macromedia.com/pub/updates/licensing/hotfix/osx_upgrad es_1_039en.dmg

References

Macromedia Studio MX 2004 /Contribute 2 Local Privilege Escalation Vulnerability

References: