SecurityTracker.com Archives - Mac OS X Script Editor Uses Unsafe Temporary Files That Let Local Users Gain Elevated Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: OS (UNIX) > Mac OS X

Vendors: Apple Computer

Mac OS X Script Editor Uses Unsafe Temporary Files That Let Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1021029

SecurityTracker URL: http://securitytracker.com/id?1021029

CVE Reference: CVE-2008-4214 (Links to External Site)

Date: Oct 10 2008

Impact: User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Apple Security Advisory

Version(s): 10.5.5 and prior versions

Description: A vulnerability was reported in Mac OS X Script Editor. A local user can obtain elevated privileges on the target system.

The Script Editor uses unsafe temporary files when opening application scripting dictionaries. A local user can cause the scripting dictionary to be written to an arbitrary path with the privileges of the target user running Script Editor.

Impact: A local user can obtain elevated privileges on the target system.

Solution: The vendor has issued a fix as part of Security Update 2008-007, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.5
The download file is named: "SecUpd2008-007.dmg"
Its SHA-1 digest is: 2e2489a223d13e9d7b9928735b6693ab0cbe6e00

For Mac OS X Server v10.5.5
The download file is named: "SecUpdSrvr2008-007.dmg"
Its SHA-1 digest is: 62db4a0d0688bc047fcf391a20e23e1a72ae292c

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-007Intel.dmg"
Its SHA-1 digest is: 810167ffc3480a897f0b3ef62fdaaed2cfd77f1a

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-007PPC.dmg"
Its SHA-1 digest is: 2e1253241cec2999c8754db40816f801ad80ad8b

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-007Univ.dmg"
Its SHA-1 digest is: 7c71ffd314d7412dcb73746151d4fd7c32749415

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-007PPC.dmg"
Its SHA-1 digest is: be0868a142a9e2a6e93d42c3208ca9585a25cc6d

The vendor's advisory is available at:

http://support.apple.com/kb/HT3216

Vendor URL: support.apple.com/kb/HT3216 (Links to External Site)

Cause: Access control error, State error

Underlying OS: UNIX (Mac OS X)

Message History: None.

Source Message Contents

 

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC