Mac OS X World Writable Directories Privilege Escalation

2005-03-21T00:00:00
ID OSVDB:15007
Type osvdb
Reporter (root@addcom.de), Michael Haller(info@cilly.com), Eric Hall()
Modified 2005-03-21T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the world-writable default permissions on some directories. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the world-writable default permissions on some directories. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1013503 Secunia Advisory ID:14655 Mail List Post: http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html CVE-2005-0712