Apple Mac OS X ARDAgent Privilege Escalation Vulnerability

Report ID: SA30776
Source: Secunia
Date of Discovery: 23.06.2008
Criticality: Low
Affects:
Apple Macintosh OS X

Compromise From: Local system
Compromise Type: Privilege escalation

Summary

A vulnerability has been discovered in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges.

Detailed Description

The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges.

The vulnerability is confirmed on Mac OS X 10.4 and is also reported in version 10.5.
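
To see which files on a system match the condition described above (owned by "root" with the setuid bit set), an administrator can audit for them. The shell functions below are an added example, not part of the Secunia advisory; the function names are hypothetical and the path to scan is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit for setuid files owned by a given uid (root = 0).
# No path in this script comes from the advisory; pass the file or
# directory to inspect as an argument.

# is_setuid_owned_by FILE [UID]
# Succeeds when FILE is a regular file that has the setuid bit set and is
# owned by UID (default 0, i.e. root).
is_setuid_owned_by() {
    file=$1
    uid=${2:-0}
    # Keep find from parsing a name that starts with "-" as an option.
    case $file in -*) file=./$file ;; esac
    [ -f "$file" ] || return 1
    # -prune: test only FILE itself; -perm -4000: setuid bit is set.
    [ -n "$(find "$file" -prune -type f -perm -4000 -user "$uid" 2>/dev/null)" ]
}

# list_setuid_owned_by DIR [UID]
# Prints, one per line, every setuid regular file under DIR owned by UID.
list_setuid_owned_by() {
    dir=$1
    uid=${2:-0}
    case $dir in -*) dir=./$dir ;; esac
    # -xdev keeps the scan on one filesystem; unreadable directories are skipped.
    find "$dir" -xdev -type f -perm -4000 -user "$uid" 2>/dev/null | sort
}

# When run with arguments: list_setuid_owned_by DIR [UID]
if [ "$#" -gt 0 ]; then
    list_setuid_owned_by "$@"
fi
```

Each file the scan reports runs with its owner's privileges regardless of who starts it, so any of them that can be driven to run caller-supplied commands has the same exposure as the one described here.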

Solution

Grant only trusted users access to affected systems.

Original Reference

-