Mac OS X Kernel Credential Caching Bug Lets Local Users Gain Elevated Privileges - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (UNIX) > Mac OS X

Vendors: Apple Computer

Mac OS X Kernel Credential Caching Bug Lets Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1020877

SecurityTracker URL: http://securitytracker.com/id/1020877

CVE Reference: CVE-2008-3609 (Links to External Site)

Date: Sep 16 2008

Impact: Modification of system information, Modification of user information, Root access via local system, User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 10.5 - 10.5.4

Description: A vulnerability was reported in Mac OS X. A local user can obtain elevated privileges on the target system.

The system does not properly flush cached credentials when a vnode is recycled. A local user can access files without having the necessary privileges.

Nevin ":-)" Liber, Thomas Pelaia of Oak Ridge National Lab, Thomas Tempelmann, and Ram Kolli reported this vulnerability.

Impact: A local user can obtain elevated privileges on the target system.

Solution: The vendor has issued a fix as part of Mac OS X v10.5.5 and Security Update 2008-006, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Mac OS X v10.5.5 or Security Update 2008-006.

For Mac OS X v10.5.4
The download file is named: "MacOSXUpd10.5.5.dmg"
Its SHA-1 digest is: bd9bf9304a5b3162f391233fe74fc64f6dbc2bf5

For Mac OS X v10.5 - v10.5.3
The download file is named: "MacOSXUpdCombo10.5.5.dmg"
Its SHA-1 digest is: 91ac9b720ba3b4166e5dc1dd518b1651d77c0f46

For Mac OS X Server v10.5.4
The download file is named: "MacOSXServerUpd10.5.5.dmg"
Its SHA-1 digest is: 00264fd6990b568b5017f1244820d1eeebda8ab2

For Mac OS X Server v10.5 - v10.5.3
The download file is named: "MacOSXServerUpdCombo10.5.5.dmg"
Its SHA-1 digest is: cc463a4f2b2d2079fca56704057f407f86b96661

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-006Intel.dmg"
Its SHA-1 digest is: c64a7aa8b13377b2066110fa86b4f879e0ca746b

For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-006PPC.dmg"
Its SHA-1 digest is: 61898bf315d04958aaf487bb92ba257d059a33ce

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-006Univ.dmg"
Its SHA-1 digest is: 0309967cb7e6ae990bd3726e8af4abfeca776b63

For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-006PPC.dmg"
Its SHA-1 digest is: 61898bf315d04958aaf487bb92ba257d059a33ce

The vendor's advisory is available at:

http://support.apple.com/kb/HT3137

Vendor URL: support.apple.com/kb/HT3137 (Links to External Site)

Cause: Access control error

Underlying OS:

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC