Apple Remote Desktop Insecure File Permissions Let Local Users Gain Root Privileges
SecurityTracker Alert ID: 1017241
SecurityTracker URL: http://securitytracker.com/id/1017241
CVE Reference: CVE-2006-4413
Date: Nov 16 2006
Impact:
Modification of system information, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.0
Description:
A vulnerability was reported in Apple Remote Desktop 3.0. A local user on an Apple Remote Desktop admin system can cause arbitrary code to run with root privileges on the client systems managed from it.
Apple Remote Desktop ships with built-in installer packages that the admin software uses to install or upgrade the client software on managed systems. On the admin system these packages are installed with permissions that allow a non-privileged local user to modify them. A local user can therefore insert arbitrary code into a package; when an administrator later uses Apple Remote Desktop to install or upgrade the client software, the modified package is pushed out and the inserted code executes with root privileges on each target client.
Apple credits Andrew Mortensen of the University of Michigan with reporting this vulnerability.
Impact:
A local user on an Apple Remote Desktop admin system can obtain root privileges on the client systems that are installed or upgraded from that admin system.
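The following is an added example and is not code from SecurityTracker or from Apple. It shows the check a practitioner would run on an admin system for this class of bug: list every file or directory under a package directory that a non-root local user could modify (group- or world-writable, or not owned by the expected user), and strip the write bits as the quick fix. The advisory does not say where Apple Remote Desktop stores its built-in packages, so the directory is taken as an argument and the path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory or from Apple): audit installer
# packages for permissions that let an unprivileged local user alter them.
# Usage: sh ard_pkg_audit.sh /path/to/packages [--fix]
# The path is an assumption; the advisory does not name the package directory.

# Print every file or directory under $1 whose group or "other" write bit
# is set. Either bit lets a non-owner replace the package contents.
audit_writable() {
    find "$1" \( -perm -g+w -o -perm -o+w \) -print
}

# Print every file or directory under $1 not owned by user $2 (normally root).
# A package owned by a non-root user is writable by that user regardless of
# the mode bits, so this check complements audit_writable.
audit_foreign_owner() {
    find "$1" ! -user "$2" -print
}

# Quick remediation: remove group/other write bits recursively.
# Changing ownership to root:wheel is the other half of the fix, but it needs
# root, so it is left to the caller (chown -R root:wheel "$dir").
harden_packages() {
    chmod -R go-w "$1"
}

if [ $# -gt 0 ]; then
    echo "Writable by group/other:"
    audit_writable "$1"
    echo "Not owned by root:"
    audit_foreign_owner "$1" root
    if [ "${2-}" = "--fix" ]; then
        harden_packages "$1"
    fi
fi
```

After the fix, re-run the audit and expect no output; anything still listed is owned by a non-root user and needs a chown as well as a chmod.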
Solution:
The vendor has issued a fixed version (3.1), available at:
http://www.apple.com/support/downloads/
For Apple Remote Desktop Client
The download file is named: "RemoteDesktopClient.dmg"
Its SHA-1 digest is: 5747716690703dc6655a2882ebba77424c661650
For Apple Remote Desktop Admin
The download file is named: "RemoteDesktopAdmin310.dmg"
Its SHA-1 digest is: b86f7fb03253c70e3cf33f6ce6c8c1491daae0a7
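Added example, not part of the SecurityTracker entry or Apple's advisory: a small script that checks a downloaded disk image against the SHA-1 digests published above before it is opened, so that a tampered or truncated download is caught. It picks whichever SHA-1 tool is present (sha1sum on Linux, shasum on OS X, openssl as a fallback) and compares case-insensitively; the file name passed on the command line is the caller's.

```shell
#!/bin/sh
# Added example (not from the advisory or from Apple): verify a download
# against the SHA-1 digest published in the advisory.
# Usage: sh verify_ard.sh RemoteDesktopClient.dmg <expected-sha1>

# Print the SHA-1 hex digest of a file using whichever tool is available.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha1 "$1" | awk '{print $NF}'
    fi
}

# Compare a file's digest with the expected one, ignoring hex case.
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    actual=$(sha1_of "$file")
    [ "$actual" = "$expected" ]
}

# Digests from the advisory (Apple Remote Desktop 3.1 downloads).
ARD_CLIENT_SHA1=5747716690703dc6655a2882ebba77424c661650
ARD_ADMIN_SHA1=b86f7fb03253c70e3cf33f6ce6c8c1491daae0a7

if [ $# -eq 2 ]; then
    if verify_sha1 "$1" "$2"; then
        echo "OK: $1 matches $2"
    else
        echo "MISMATCH or unreadable: $1 (do not open it)"
        exit 1
    fi
fi
```

Run it as `sh verify_ard.sh RemoteDesktopClient.dmg $ARD_CLIENT_SHA1` (or with the admin digest for RemoteDesktopAdmin310.dmg); a non-zero exit means the image should be re-downloaded, not mounted.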
Vendor URL: docs.info.apple.com/article.html?artnum=304824
Cause:
Access control error, Configuration error
Underlying OS:
UNIX (OS X)
Message History:
None.
Source Message Contents
Date: Thu, 16 Nov 2006 13:28:34 -0800
Subject: APPLE-SA-2006-11-16 Apple Remote Desktop 3.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2006-11-16 Apple Remote Desktop 3.1
Apple Remote Desktop 3.1 is now available. Along with functionality
improvements (see release notes), it also fixes the following
security issue:
Apple Remote Desktop
CVE-ID: CVE-2006-4413
Available for: Apple Remote Desktop 3.0
Impact: Malicious local users may be able to modify packages
used to install or upgrade client systems
Description: Apple Remote Desktop includes built-in packages
used to install and upgrade client systems. The permissions on
these packages could allow them to be altered by malicious local
users on Apple Remote Desktop admin systems. This could lead to
the execution of arbitrary commands with root privileges on
client systems when Apple Remote Desktop client software is
installed or upgraded. This issue has been addressed by applying
more restrictive permissions on the built-in installation
packages. Credit to Andrew Mortensen of the University of
Michigan for reporting this issue.
Apple Remote Desktop 3.1 may be obtained from:
http://www.apple.com/support/downloads/
For Apple Remote Desktop Client
The download file is named: "RemoteDesktopClient.dmg"
Its SHA-1 digest is: 5747716690703dc6655a2882ebba77424c661650
For Apple Remote Desktop Admin
The download file is named: "RemoteDesktopAdmin310.dmg"
Its SHA-1 digest is: b86f7fb03253c70e3cf33f6ce6c8c1491daae0a7
Information will also be posted to the Apple Product Security
web site: http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQEVAwUBRVzXVImzP5/bU5rtAQJyUQf/bBE1y/LJ3aMACIhTxBEdNK0B3D6EmdJs
7JU4bTjeZiTXKHwQkVHmSJkDu4EWYv29kcBI1r2cNMEQhZjOhfLV/YcdYnQY4wcT
RxQgvAnaWZchaWSTywFEJJL9ORQIihw5JUoaPAco+GU7ZCW3+nG13/oZ0+JwijgW
Ps8eQWWMOwzqURxyQmIpfJ3EhhKhpCgox19mD8CuHcsXOYLYA914lF0+ryIj52ko
dqcTrBPhs4Qu1ScShVHXYitiycpBHkQCvRgVryVbMbQ5oNCFpJrPWtPrQ8tQDRXL
xA56xKr1pYkieRcNGY4bmmE5fkvekBk8MaBEY2eAIsNUsMjtNhB0cg==
=T+cu
-----END PGP SIGNATURE-----
Security-announce mailing list (Security-announce@lists.apple.com)