Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7303

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2008-7303
Last Modified 21 Nov 2011 12:00:00
Published 15 Nov 2011 01:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-7303

Summary

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.5.0

  • Apple Mac Os X 10.5.1

  • Apple Mac Os X 10.5.2

  • Apple Mac Os X 10.5.3

  • Apple Mac Os X 10.5.4

  • Apple Mac Os X 10.5.5

  • Apple Mac Os X 10.5.6

  • Apple Mac Os X 10.5.7

  • Apple Mac Os X 10.5.8


References

MISC - https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-08-Miller-Hacking-OSX.pdf

MISC - http://www.coresecurity.com/content/apple-osx-sandbox-bypass


Last Updated: 27 May 2016 10:49:32