Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
Local Root Bug Hits Tiger PDF Print E-mail
Written by Editor   
Thursday, 09 June 2005 11:24
Apple’s latest version of the OS X operating system known as Tiger is subject to a local root vulnerability. The vulnerability is a race condition in the launchd tool which manages daemons with the operating systems. The race condition exists in the creation and handling of a temporary files when launchd starts up, and could be used to allow an attacker to ‘steal’ ownership of any file on the system and even setup a root shell.

The bug was found by researchers as Suresec Ltd and their original advisory can be found here. A security fix was released by Apple as detailed in their advisory here.

The security update released yesterday by Apple includes a number of other fixes which include a Directory traversal via Bluetooth object exchange, buffer overflows which can allow the execution of arbitrary code within the AFP server, bugs in the CoreGrpahics and VPN Server that can be used to gain local root access and a number of vulnerabilities within the PHP provided with OS X that can result in Denial of Server and execution of arbitrary code.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!
Last Updated ( Thursday, 14 September 2006 21:59 )