CVE-2007-0467
Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
crashdump en Apple Mac OS X 10.4.8 permite a usuarios locales del grupo admin modificar ficheros de su elección o ganar privilegios a través de ataque de enlaces simbólicos sobre logs de aplicación en /Library/Logs/CrashReporter/.
Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-23 CVE Reserved
- 2007-01-29 CVE Published
- 2007-01-29 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://docs.info.apple.com/article.html?artnum=305214 | X_refsource_confirm | |
http://secunia.com/advisories/24479 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/363112 | Third Party Advisory | |
http://www.osvdb.org/32706 | Vdb Entry | |
http://www.securitytracker.com/id?1017751 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA07-072A.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2007/0930 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/31888 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/3219 | 2007-01-29 | |
http://projects.info-pull.com/moab/MOAB-28-01-2007.html | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | 2017-07-29 |