HP Photosmart Driver for Mac OS X hp_imaging_connectivity Privilege Escalation

2002-04-14T18:39:14
ID OSVDB:7056
Type osvdb
Reporter Andreas Mueller (afm@othello.ch)
Modified 2002-04-14T18:39:14

Description

Vulnerability Description

The HP Photosmart driver contains a flaw that may allow a malicious user to execute any file with root permissions. The driver installs a binary file (hp_imaging_connectivity.app) with world-writeable permissions. It is possible that the flaw may allow a user to replace the file with one of their own. This file is executed when a user logs into the system If root logs in, the file is executed with root permissions. This could result in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. There are newer versions of the driver, however there has been no notice if the problem has been corrected or not.

Short Description

The HP Photosmart driver contains a flaw that may allow a malicious user to execute any file with root permissions. The driver installs a binary file (hp_imaging_connectivity.app) with world-writeable permissions. It is possible that the flaw may allow a user to replace the file with one of their own. This file is executed when a user logs into the system If root logs in, the file is executed with root permissions. This could result in a loss of integrity.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html ISS X-Force ID: 8856 CVE-2002-0529 Bugtraq ID: 4518