Privilege escalation in Mac OS X
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2007-0117 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local |
| Public exploit | This vulnerability is being exploited in the wild. |
| Vulnerable software Subscribe |
macOS Server Operating systems & Components / Operating system macOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper file permissions handling
EUVDB-ID: #VU1245
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:F/RL:U/RC:C]
CVE-ID: CVE-2007-0117
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalation privileges on vulnerable system.
The vulnerability exists in diskutil tool within DiskManagement framework when handling BOM files. A local user can create a specially crafted BOM file, run diskutil with specially crafted BOM file and replace permissions for arbitrary files on vulnerable system.
Successful exploitation of this vulnerability allows a local unprivileged user to elevate his privileges and gain root access to vulnerable system.
Note: the vulnerability is being actively exploited.
MitigationCybersecurity Help is not aware of any official solution to address this vulnerability.
Vulnerable software versionsmacOS Server: 10.4.8
macOS: 10.4.8 8L127
External linkshttp://jon.oberheide.org/moab/MOAB-05-01-2007.html
http://rixstep.com/2/2/20070810,00.shtml
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
