lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a06010200becf9ca29934@[17.202.21.231]>
Date: Fri, 10 Jun 2005 12:40:33 -0700
From: Peter Bierman <bierman@...le.com>
To: Jonathan Weiss <jw@...erewut.de>
Cc: full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org,
	BugTraq <bugtraq@...urityfocus.com>,
	"[ Suresec Advisories ]" <advisories@...esec.org>
Subject: Re:[ Suresec Advisories ] - Mac OS X 10.4 -
 launchd local root vulnerability


At 4:30 PM +0200 6/10/05, Jonathan Weiss wrote:
>  > Securesec Security Advisory  - #00003
>>  09/06/05
>>
>>  Apple Mac OS X 10.4 launchd race condition vulnerability
>>  Advisory: http://www.suresec.org/advisories/adv3.pdf
>>
>>  Description:
>>
>>  A race condition vulnerability has been found in the temporary file
>>  creation done by the suid launchd  program on Mac OSX 10.4.
>>  The for advisory for this can be downloaded from the Suresec website.
>>
>>  Risk:
>>
>>  Successful exploitation of this vulnerability results in stolen
>>  ownership of any file on the system. Using this it is trivial to get
>>  a root shell.
>>
>
>Is this fixed by the security update issued by apple some days ago?


Yes, this is fixed in Security Update 2005-006.
<http://docs.info.apple.com/article.html?artnum=301742>

launchd
CVE-ID: CAN-2005-1725
Available for: Mac OS X v10.4.1, Mac OS X Server v10.4.1
Impact: The setuid program launchd can allow local privilege escalation.
Description: A vulnerability in launchd allows local users to gain 
ownership of arbitrary files. The launchd command is updated to 
safely change ownership of files. Credit to Neil Archibald of Suresec 
LTD for reporting this issue. This issue does not affect systems 
prior to Mac OS X v10.4.

-pmb
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ