Mac OS X CFUserNotification() Function Lets Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1017542 |
|
SecurityTracker URL: http://securitytracker.com/id/1017542
|
|
CVE Reference:
CVE-2007-0023
(Links to External Site)
|
Date: Jan 23 2007
|
Impact:
Root access via local system
|
Exploit Included: Yes
|
Version(s): Tested on 10.4.8 (8L2127)
|
Description:
A vulnerability was reported in Mac OS X. A local user can obtain root privileges on the target system.
A local user can call the CFUserNotificationSendRequest() function to cause the UserNotificationCenter.app application to launch with wheel privileges. If a malicious InputManager resides in '~/Library/InputManagers', the malicious code will be run with wheel privileges. The malicious code can invoke diskutil and exploit a wheel-writable setuid binary to execute arbitrary code with root privileges.
匿名, KF, and LMH discovered this vulnerability.
The original advisory is available at:
http://projects.info-pull.com/moab/MOAB-22-01-2007.html
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.apple.com/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 23 Jan 2007 15:27:47 -0500
Subject: MOAB-22-01-2007: Apple UserNotificationCenter Privilege Escalation Vulnerability
|
http://projects.info-pull.com/moab/MOAB-22-01-2007.html
CVE-2007-0023
|
|
