Mac OS X Application Memory Debugging MallocLogFile Variable Insecure File Creation

2005-09-20T10:37:54
ID OSVDB:19706
Type osvdb
Reporter Ilja van Sprundel()
Modified 2005-09-20T10:37:54

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious local user to create and/or manipulate arbitrary files on the system. The issue is due to malloc reading the MallocLogFile environment variable when running suid executables, modifying any file on the system. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2005-008) to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious local user to create and/or manipulate arbitrary files on the system. The issue is due to malloc reading the MallocLogFile environment variable when running suid executables, modifying any file on the system. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1014960 Secunia Advisory ID:16920 Related OSVDB ID: 19703 Related OSVDB ID: 19707 Related OSVDB ID: 19704 Related OSVDB ID: 19705 Related OSVDB ID: 19708 Related OSVDB ID: 19709 Related OSVDB ID: 19710 Related OSVDB ID: 19711 Other Advisory URL: http://www.suresec.org/advisories/adv7.pdf Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0649.html Keyword: Apple Security Update 2005-008 CVE-2005-2748