F-Secure
Tools
Apple Mac OS X ARDAgent Privilege Escalation Vulnerability
| Report ID: | SA30776 |
| Source: | Secunia |
| Date of Discovery: | 23.06.2008 |
| Criticality: | Low |
| Affects: | Apple Macintosh OS X |
| Compromise From: | Local system |
| Compromise Type: | Privilege escalation |
Summary
A vulnerability has been discovered in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges.
Detailed Description
A vulnerability has been discovered in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges.
The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through"osascript"). This can be exploited to execute arbitrary commands with root privileges.
The vulnerability is confirmed on Mac OS X 10.4 and is also reported in version 10.5.
The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through"osascript"). This can be exploited to execute arbitrary commands with root privileges.
The vulnerability is confirmed on Mac OS X 10.4 and is also reported in version 10.5.
Solution
Grant only trusted users access to affected systems.
Original Reference
-