Apple MacOS X Xcode OpenBase SQL privilege escalation

On executing tar from suid root application TAROPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem...

Xcode OpenBase <= 9.1.5 Local Root Exploit (OSX)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom http://docs.info.apple.com/article.html?artnum=61798 This won't help ftp://www.openbase.com/pub/OpenBase10.0 This will This is an exploit for a 3rd party program that has...

Apple Xcode WebObjects插件权限提升漏洞

Xcode是苹果机器上所使用的开发工具。 Xcode在以高权限调用外部工具时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 Xcode需要使用OpenBase技术为WebObjects组件提供额外的功能。OpenBase库在调用/Library/OpenBase/bin/gnutar时没有正确地使用setuid权限，在以euid=0运行OpenBase时调用了gnutar。通过使用TAROPTIONS环境变量就可以强制gnutar没有指定路径便调用gzip，因此攻击者可以通过控制PATH变量获得root权限。 Apple XCode 2.2 OpenBase OpenBase...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...