SecurityTracker.com
Category:   OS (UNIX)  >   Mac OS X
Vendors:   Apple Computer
Mac OS X Certificate Assistant Temporary File Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1021720
SecurityTracker URL:  http://securitytracker.com/id/1021720
CVE Reference:   CVE-2009-0011
Date:  Feb 13 2009
Impact:   Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5.6
Description:   A vulnerability was reported in Mac OS X Certificate Assistant. A local user can obtain elevated privileges on the target system.

The Certificate Assistant does not properly handle temporary files. A local user can exploit this to cause files to be modified with the privileges of a target user running Certificate Assistant.

Systems prior to Mac OS X v10.5 are not affected.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued a fix as part of Security Update 2009-001, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.6
The download file is named: "SecUpd2009-001.dmg"
Its SHA-1 digest is: 08d8e962e2687f01b3cdc4cb386ef4e44992a1e0

For Mac OS X Server 10.5.6
The download file is named: "SecUpdSrvr2009-001.dmg"
Its SHA-1 digest is: b44344f918cbf15266cde2c989c443e455ccd88f

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2009-001Intel.dmg"
Its SHA-1 digest is: e1e1a09d9543fe1a1acc759c5ed11dde58f84e0e

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2009-001PPC.dmg"
Its SHA-1 digest is: a9158bed12fa6650634bc8f972a7990cddb765d9

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2009-001Univ.dmg"
Its SHA-1 digest is: 6b056d47bbf2566cda7908590fc2ccd0ab4b889f

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2009-001PPC.dmg"
Its SHA-1 digest is: a9f97ba89b8acc6927779859bbec3787d1fb3b2a

The vendor's advisory is available at:

http://support.apple.com/kb/HT3438

Vendor URL:  support.apple.com/kb/HT1222
Cause:   Access control error, State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Thu, 12 Feb 2009 23:00:38 -0500
Subject:  Mac OS X


APPLE-SA-2009-02-12 Security Update 2009-001

Certificate Assistant
CVE-ID:  CVE-2009-0011
Available for:  Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact:  A local user may manipulate files with the privileges of
another user running Certificate Assistant
Description:  An insecure file operation exists in Certificate
Assistant's handling of temporary files. This could allow a local
user to overwrite files with the privileges of another user who is
running Certificate Assistant. This update addresses the issue
through improved handling of temporary files. This issue does not
affect systems prior to Mac OS X v10.5. Credit: Apple.

 
 



Copyright 2014, SecurityGlobal.net LLC