Mac OS X Guest User Elevated Privilege

2003-04-11T00:00:00
ID OSVDB:7062
Type osvdb
Reporter OSVDB
Modified 2003-04-11T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by insecure permissions on the DropBox folder, used in file sharing, which allow a guest user to modify permissions from write-only. This flaw may lead to a loss of confidentiality.

Solution Description

Upgrade to version 10.2.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by insecure permissions on the DropBox folder, used in file sharing, which allow a guest user to modify permissions from write-only. This flaw may lead to a loss of confidentiality.

References:

Vendor Specific Advisory URL Security Tracker: 1006557 Secunia Advisory ID:8571 ISS X-Force ID: 11830 CVE-2003-0198