Mac OS X passwd Database Option Arbitrary File Creation

2006-02-28T06:02:40
ID OSVDB:23646
Type osvdb
Reporter vade79
Modified 2006-02-28T06:02:40

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the passwd command is used with the option to specify a database to operate on. The passwd command does not verify that the user has permission to create the specified file before proceeding, which may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 19064
Related OSVDB IDs: 23637, 23639, 23636, 23640, 23641, 23642, 23643, 23648, 23649, 23638, 23644, 23645, 23647
Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400
News Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0597.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0790.html
Generic Exploit URL: http://www.securiteam.com/exploits/5MP0Q0KI0G.html
FrSIRT Advisory: ADV-2006-0791
CVE-2005-2713