Mac OS X NetInfo Manager Arbitrary File System Access

2002-09-12T00:00:00
ID OSVDB:7061
Type osvdb
Reporter Christopher Allene (cwis@nerim.fr)
Modified 2002-09-12T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is caused by the behavior of NetInfo Manager, which runs setuid root and allows a user to traverse the filesystem as root. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 10.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-09/0155.html
ISS X-Force ID: 10097
CVE-2002-1269
Bugtraq ID: 5705