Mac OS X Activity Monitor.app/Contents/Resources/pmTool Permission Weakness diskutil Privilege Escalation

2007-01-15T04:09:50
ID OSVDB:32700
Type osvdb
Reporter LMH(lmh@info-pull.com)
Modified 2007-01-15T04:09:50

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because Activity Monitor.app/Contents/Resources/pmTool is setuid root, but writable by members of the Admin group. This flaw may lead to a loss of integrity.
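An audit for the condition described above, as an added example that is not part of the original advisory: it walks a directory tree and reports regular files that are setuid and also writable by their group or by everyone. The function names and the default scan root `/Applications` are assumptions made for illustration.

```python
import os
import stat
import sys


def setuid_write_risk(mode, uid):
    """Return the reasons a file's st_mode/st_uid match the flaw, or [] if it is fine."""
    # Only regular files carrying the setuid bit are of interest.
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return []
    reasons = []
    if mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if not reasons:
        return []
    # Owner decides whose privileges the binary runs with; root is the worst case.
    owner = "setuid root" if uid == 0 else "setuid uid=%d" % uid
    return [owner] + reasons


def audit(root):
    """Walk root and return (path, octal mode, gid, reasons) for each risky file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # unreadable or vanished entry
            reasons = setuid_write_risk(st.st_mode, st.st_uid)
            if reasons:
                mode = oct(stat.S_IMODE(st.st_mode))
                findings.append((path, mode, st.st_gid, reasons))
    return findings


if __name__ == "__main__":
    # Assumed default scan root; pass another directory as the first argument.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "/Applications"
    for path, mode, gid, reasons in audit(scan_root):
        print("%s mode=%s gid=%d: %s" % (path, mode, gid, ", ".join(reasons)))
```

The reported gid identifies which group holds write access to each flagged file.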

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.apple.com
Related OSVDB ID: 32708
Related OSVDB ID: 32702
Other Advisory URL: http://projects.info-pull.com/moab/MOAB-15-01-2007.html
ISS X-Force ID: 31530
Generic Exploit URL: http://www.milw0rm.com/exploits/3136
CVE-2007-0345