Mac OS X Apple File Protocol (AFP) Client Local Privilege Escalation

2007-04-19T10:33:35
ID OSVDB:34858
Type osvdb
Reporter OSVDB
Modified 2007-04-19T10:33:35

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the AFP client executes commands without properly cleaning the environment, which may allow a local user to execute commands with system privileges. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the AFP client executes commands without properly cleaning the environment, which may allow a local user to execute commands with system privileges. This flaw may lead to a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1017944 Secunia Advisory ID:24966 Related OSVDB ID: 34857 Related OSVDB ID: 34859 Related OSVDB ID: 34862 Related OSVDB ID: 34864 Related OSVDB ID: 34860 Related OSVDB ID: 34865 Related OSVDB ID: 34866 Related OSVDB ID: 34868 Related OSVDB ID: 34863 Related OSVDB ID: 34861 Related OSVDB ID: 34867 Related OSVDB ID: 34869 Related OSVDB ID: 34870 Related OSVDB ID: 34871 Mail List Post: http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html FrSIRT Advisory: ADV-2007-1470 CVE-2007-0729 CERT VU: 312424 Bugtraq ID: 23569