Mac OS X Certificate Assistant Temporary File Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1021720
SecurityTracker URL: http://securitytracker.com/id/1021720
Date: Feb 13 2009
Modification of user information, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
A vulnerability was reported in Mac OS X Certificate Assistant. A local user can obtain elevated privileges on the target system.
The Certificate Assistant does not properly handle temporary files. A local user can exploit this to cause files to be modified with the privileges of a target user running Certificate Assistant.
Systems prior to Mac OS X v10.5 are not affected.
A local user can obtain elevated privileges on the target system.
The vendor has issued a fix as part of Security Update 2009-001, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
For Mac OS X v10.5.6
The download file is named: "SecUpd2009-001.dmg"
Its SHA-1 digest is: 08d8e962e2687f01b3cdc4cb386ef4e44992a1e0
For Mac OS X Server 10.5.6
The download file is named: "SecUpdSrvr2009-001.dmg"
Its SHA-1 digest is: b44344f918cbf15266cde2c989c443e455ccd88f
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2009-001Intel.dmg"
Its SHA-1 digest is: e1e1a09d9543fe1a1acc759c5ed11dde58f84e0e
For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2009-001PPC.dmg"
Its SHA-1 digest is: a9158bed12fa6650634bc8f972a7990cddb765d9
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2009-001Univ.dmg"
Its SHA-1 digest is: 6b056d47bbf2566cda7908590fc2ccd0ab4b889f
For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2009-001PPC.dmg"
Its SHA-1 digest is: a9f97ba89b8acc6927779859bbec3787d1fb3b2a
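One way to check a downloaded update image against the SHA-1 digests listed above, given as an added example that is not part of the original advisory or of Apple's tooling. The file names and digests are copied from the list above; the function names and the command-line usage are assumptions of the example.

```python
import hashlib
import hmac
import os

# File names and SHA-1 digests exactly as listed in this advisory.
PUBLISHED_SHA1 = {
    "SecUpd2009-001.dmg": "08d8e962e2687f01b3cdc4cb386ef4e44992a1e0",
    "SecUpdSrvr2009-001.dmg": "b44344f918cbf15266cde2c989c443e455ccd88f",
    "SecUpd2009-001Intel.dmg": "e1e1a09d9543fe1a1acc759c5ed11dde58f84e0e",
    "SecUpd2009-001PPC.dmg": "a9158bed12fa6650634bc8f972a7990cddb765d9",
    "SecUpdSrvr2009-001Univ.dmg": "6b056d47bbf2566cda7908590fc2ccd0ab4b889f",
    "SecUpdSrvr2009-001PPC.dmg": "a9f97ba89b8acc6927779859bbec3787d1fb3b2a",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large disk image is never read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(path, published=PUBLISHED_SHA1):
    """Return (status, actual_digest); status is 'ok', 'mismatch' or 'unknown-file'."""
    name = os.path.basename(path)
    expected = published.get(name)
    if expected is None:
        # A renamed download cannot be matched to a published digest by name.
        return "unknown-file", None
    actual = sha1_of_file(path)
    same = hmac.compare_digest(actual, expected.strip().lower())
    return ("ok" if same else "mismatch"), actual


if __name__ == "__main__":
    import sys
    failed = False
    for arg in sys.argv[1:]:
        status, actual = check_download(arg)
        print(f"{status:12} {actual or '-':40} {arg}")
        failed = failed or status != "ok"
    # Non-zero exit so a deployment script can refuse to install a bad image.
    sys.exit(1 if failed else 0)
```

A result of `ok` means only that the file matches the digest this advisory lists for that file name.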
The vendor's advisory is available at:
Vendor URL: support.apple.com/kb/HT1222
Access control error, State error
Source Message Contents
Date: Thu, 12 Feb 2009 23:00:38 -0500
Subject: Mac OS X
APPLE-SA-2009-02-12 Security Update 2009-001
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may manipulate files with the privileges of
another user running Certificate Assistant
Description: An insecure file operation exists in Certificate
Assistant's handling of temporary files. This could allow a local
user to overwrite files with the privileges of another user who is
running Certificate Assistant. This update addresses the issue
through improved handling of temporary files. This issue does not
affect systems prior to Mac OS X v10.5. Credit: Apple.