Design/Logic Flaw

2007-01-0902:28:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.5%

JSON

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

CPENameOperatorVersion
mac_os_xeq10.4.8
mac_os_x_servereq10.4.8

CPE	Name	Operator	Version
	mac_os_x	eq	10.4.8
	mac_os_x_server	eq	10.4.8

References

osvdb.org/31167

projects.info-pull.com/moab/MOAB-05-01-2007.html

secunia.com/advisories/23653

www.securityfocus.com/bid/21899

www.vupen.com/english/advisories/2007/0074