Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1024617
SecurityTracker URL: http://securitytracker.com/id/1024617
CVE Reference: CVE-2010-1826
Date: Oct 20 2010
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 10.5.8, 10.6.4
Description:
A vulnerability was reported in Java on Mac OS X. A local user can obtain elevated privileges on the target system.
A local user can create a per-user Java shared archive that, when loaded by the target user, will exploit a command injection flaw in updateSharingD to execute arbitrary commands on the target system with the privileges of the target user.
Dino Dai Zovi reported this vulnerability.
Impact:
A local user can obtain elevated privileges on the target system.
Solution:
The vendor has issued a fix (Java for Mac OS X 10.6 Update 3, Java for Mac OS X 10.5 Update 8).
The vendor's advisories are available at:
http://support.apple.com/kb/HT4417
http://support.apple.com/kb/HT4418
Vendor URL: support.apple.com/kb/HT4417
Cause:
Access control error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Wed, 20 Oct 2010 20:58:44 +0000
Subject: Java for Mac OS X
Java
CVE-ID: CVE-2010-1826
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A local user may be able to execute arbitrary code with the privileges of another user who runs a Java application
Description: A command injection issue exists in updateSharingD's handling of Mach RPC messages. A local user may be able to execute arbitrary code with the privileges of another user who runs a Java application. This issue is addressed by implementing a per-user Java shared archive. This issue only affects the Mac OS X implementation of Java. Credit to Dino Dai Zovi for reporting this issue.