Apple Mac OS X PPPDialer symlink attack
| macosx-pppdialer-symlink (17298) |  Medium Risk |
Description:
Apple Mac OS X could allow a local attacker to launch a symlink attack, caused by a vulnerability in the PPPDialer log file. The PPPDialer log files are stored insecurely in a world-writeable location. A local attacker could create a symbolic link from a log file to an arbitrary file, which could allow the attacker to create or overwrite files or gain elevated privileges on the system, once the program is executed.
Platforms Affected:
- Apple, Mac OS X 10.2.8
- Apple, Mac OS X 10.3.4
- Apple, Mac OS X 10.3.5
- Apple, Mac OS X Server 10.2.8
- Apple, Mac OS X Server 10.3.4
- Apple, Mac OS X Server 10.3.5
Remedy:
Apply the appropriate fix for your system dated 2004-09-07, available from the Apple Support Download Web page. See References.
Consequences:
File Manipulation
References:
- Apple Security Updates Web page, Apple Security Updates at http://docs.info.apple.com/article.html?artnum=61798.
- CIAC Information Bulletin O-212, Apple Security Update at http://www.ciac.org/ciac/bulletins/o-212.shtml.
- BID-11139: Apple PPPDialer Insecure Log File Creation Symbolic Link Vulnerability
- CVE-2004-0824: PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.
- SECTRACK ID: 1011175: PPPDialer Unsafe Log Files May Let Local Users Gain Elevated Privileges
Reported:
Sep 08, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net