Mac OS X CFUserNotification() Function Lets Local Users Gain Root Privileges
SecurityTracker Alert ID: 1017542
SecurityTracker URL: http://securitytracker.com/id?1017542
CVE Reference: CVE-2007-0023
Date: Jan 23 2007
Impact: Root access via local system
Exploit Included: Yes
Version(s): Tested on 10.4.8 (8L2127)
Description: A vulnerability was reported in Mac OS X. A local user can obtain root privileges on the target system.

A local user can call the CFUserNotificationSendRequest() function to cause the UserNotificationCenter.app application to launch with wheel privileges. If a malicious InputManager resides in '~/Library/InputManagers', the malicious code will be run with wheel privileges. The malicious code can invoke diskutil and exploit a wheel-writable setuid binary to execute arbitrary code with root privileges.

Anonymous, KF, and LMH discovered this vulnerability.

The original advisory is available at:
http://projects.info-pull.com/moab/MOAB-22-01-2007.html
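
A local audit for the two preconditions the description names, entries in users' InputManagers directories and setuid files writable by group wheel, as an added example that is not part of the original advisory. The function names, the /Users default and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added audit example; not code from the advisory. Function names, defaults
# and the --run switch are assumptions made for this example.

# Print every entry inside <homes>/*/Library/InputManagers (default /Users).
# Per the advisory, code placed there runs when UserNotificationCenter.app
# is launched, so each entry should be one the administrator recognises.
list_input_managers() {
    homes=${1:-/Users}
    for dir in "$homes"/*/Library/InputManagers; do
        [ -d "$dir" ] || continue        # glob matched nothing, or not a dir
        find "$dir" -mindepth 1 -maxdepth 1 -print
    done
}

# Print setuid regular files under <root> that are group-writable and owned
# by <group> (name or numeric gid, default wheel). -xdev keeps the walk on
# the filesystem that contains <root>.
list_group_writable_setuid() {
    root=${1:-/}
    grp=${2:-wheel}
    # -perm -4020: setuid bit AND group-write bit are both set.
    find "$root" -xdev -type f -perm -4020 -group "$grp" -print 2>/dev/null
}

audit() {
    echo "== InputManager entries in home directories =="
    list_input_managers "${1:-/Users}"
    echo "== setuid files writable by group ${3:-wheel} =="
    list_group_writable_setuid "${2:-/}" "${3:-wheel}"
}

# Run the full audit only when asked, e.g.: sudo sh audit.sh --run
case "${1:-}" in
    --run) audit ;;
esac
```

Any file the second list reports can be modified by a process running with wheel group privileges while keeping its setuid bit, which is the condition the advisory's final step relies on.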

Impact: A local user can obtain root privileges on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.apple.com/
Cause: Access control error
Underlying OS: UNIX (Mac OS X)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents
Date: Tue, 23 Jan 2007 15:27:47 -0500
Subject: MOAB-22-01-2007: Apple UserNotificationCenter Privilege Escalation Vulnerability

http://projects.info-pull.com/moab/MOAB-22-01-2007.html
CVE-2007-0023