Mac OS X DirectoryServices Path Environment Privilege Escalation

2003-04-10T00:00:00
ID OSVDB:7042
Type osvdb
Reporter Dave G.(daveg@atstake.com)
Modified 2003-04-10T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious 'touch' command is placed in the path, which will be executed by DirectoryServices. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 10.2.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious 'touch' command is placed in the path, which will be executed by DirectoryServices. This flaw may lead to a loss of integrity.

References:

Vendor Specific Advisory URL Other Advisory URL: http://www.atstake.com/research/advisories/2003/a041003-1.txt ISS X-Force ID: 11766 CVE-2003-0171 Bugtraq ID: 7322