[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ce8af193-7f9f-9a31-3725-383814b0beac@securify.nl>
Date: Sun, 2 Jul 2017 10:18:06 +0200
From: "Securify B.V." <lists@...urify.nl>
To: bugtraq@...urityfocus.com
Subject: InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------
InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------
Yorick Koster, April 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the loader application bundled with InsomniaX can be
used to load arbitrary Kernel Extensions (kext). The loader is normally
used to load a kext file that is needed to disable the Lid Sleep. A flaw
has been found in the loader that allows a local attacker to load (or
unload) any arbitrary kext file.
------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- http://semaja2.net/2017/06/insomniax-security-notice/
- http://semaja2.net/2017/06/thank-you-and-farewell-for-now/
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on InsomniaX version 2.1.8.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available. The author of InsomniaX reports
that InsomniaX is no longer supported. As a workaround, remove the
setuid bit from the loader file. Doing so will prevent users from
disabling the Lid Sleep.
sudo chmod u-s /Applications/InsomniaX.app/Contents/Resources/loader
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170405/insomniax-loader-allows-loading-of-arbitrary-kernel-extensions.html
Powered by blists - more mailing lists