Apple Mac OS X /Applications directory privilege escalation

macos-applications-privilege-escalation (31530) The risk level is classified as MediumMedium Risk

Description:

Apple Mac OS X could allow a local attacker in the admin group to gain elevated privileges, caused by insecure permissions on the /Applications directory. An attacker could overwrite binaries and use the diskutil tool to reset ownership and permissions to execute code with root privileges.

Platforms Affected:

  • Apple, Mac OS X 10.4.8

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Gain Privileges

References:

  • Apple Mac OS X Web site, Apple - Mac OS X at http://www.apple.com/macosx/.
  • MOAB-15-01-2007, Multiple Mac OS X Local Privilege Escalation Vulnerabilities at http://projects.info-pull.com/moab/MOAB-15-01-2007.html.
  • CVE-2007-0345: The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
  • OSVDB ID: 32700: Mac OS X Activity Monitor.app/Contents/Resources/pmTool Permission Weakness diskutil Privilege Escalation
  • OSVDB ID: 32701: Mac OS X Keychain Access.app/Contents/Resources/kcproxy Permission Weakness diskutil Privilege Escalation
  • OSVDB ID: 32702: Mac OS X ODBC Administrator.app/Contents/Resources/iodbcadmintool Permission Weakness diskutil Privilege Escalation

Reported:

Jan 15, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page