Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2005-0125
Last Modified 10 Sep 2008 03:34:59
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0125

Summary

The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.

Vulnerable Systems

Operating System

  • Apple Mac OS X 10.3.4

  • Apple Mac OS X 10.3.7

  • Apple Mac OS X Server 10.3.7


References

CERT-VN - VU#678150

APPLE - APPLE-SA-2005-01-25

XF - macos-at-gain-privileges(18981)

MISC - http://www.digitalmunition.com/DMA[2005-0127a].txt

BUGTRAQ - 20050127 DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'


Last Updated: 27 May 2016 10:39:40