Mac OS X Arbitrary File Overwrite via Core Files

2003-10-28T00:00:00
ID OSVDB:7067
Type osvdb
Reporter Dave G.(daveg@atstake.com)
Modified 2003-10-28T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when core files are created with predictable names in a world-writable directory, allowing an attacker to create symbolic links to arbitrary files to be overwritten. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 10.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when core files are created with predictable names in a world-writable directory, allowing an attacker to create symbolic links to arbitrary files to be overwritten. This flaw may lead to a loss of integrity.

References:

Vendor Specific Advisory URL Other Advisory URL: http://www.atstake.com/research/advisories/2003/a102803-1.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0286.html ISS X-Force ID: 13542 CVE-2003-0877 Bugtraq ID: 8914