Mac OS X USB Keyboard Ctrl Key Root Access

2003-12-19T00:00:00
ID OSVDB:7098
Type osvdb
Reporter Richard Glaser()
Modified 2003-12-19T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user with physical access to gain root access. The issue is triggered when the Ctrl and c keys are pressed on the connected USB keyboard during boot and thus interrupting the system initialization. It is possible that the flaw may allow root access resulting in a loss of integrity.

Solution Description

Upgrade Mac OS X using Security Update 2003-12-19 for Mac OS X 10.2.8 "Jaguar" or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mac OS X contains a flaw that may allow a malicious user with physical access to gain root access. The issue is triggered when the Ctrl and c keys are pressed on the connected USB keyboard during boot and thus interrupting the system initialization. It is possible that the flaw may allow root access resulting in a loss of integrity.

References:

Vendor Specific Solution URL: http://www.info.apple.com/kbnum/n120292 Vendor Specific Solution URL: http://www.info.apple.com/kbnum/n120291 Vendor Specific Advisory URL Security Tracker: 1008528 Secunia Advisory ID:10474 Other Advisory URL: http://www.macos.utah.edu/Documentation/usb_init_crash_root/usb_init_crash_root.html ISS X-Force ID: 13573 CVE-2003-1011 Bugtraq ID: 8945