Mac OS X Discloses Core Files to Local Users
|
|
SecurityTracker Alert ID: 1008019
|
|
CVE Reference: CAN-2003-0877
(Links to External Site)
|
Date: Oct 28 2003
|
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: @Stake - L0pht
|
Version(s): Prior to 10.3
|
Description: A vulnerability was reported in the Mac OS X kernel. A local user may be able to overwrite arbitrary files and read root-owned core files in certain configurations.
@stake reported that if the target system is running with core files enabled (which is not the default configuration), a local user
can invoke a symlink attack. A local user can create a symbolic link from a critical file on the system to a predictable core file
name (of the form 'core.[processid]') in the '/cores' directory. Then, when the target process dumps core, the symlinked file will
be overwritten. The local user can thus read the contents of the core file.
|
Impact: A local user can overwrite arbitrary files with root privileges. A local user can view core files.
|
Solution: The vendor has reportedly issued a fixed version of Mac OS X (10.3). Users that cannot upgrade can make sure that core file creation is disabled (which is reportedly the default configuration).
|
Vendor URL: www.apple.com/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: UNIX (Mac OS X)
|
Reported By: "@stake Advisories" <advisories@atstake.com>
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
