Main Vulnerability Database Exploits ID:523 - Exploit for Improper file permissions handling in macOS Server and macOS - CVE-2007-0117

ID:523 - Exploit for Improper file permissions handling in macOS Server and macOS - CVE-2007-0117

Published: March 18, 2020

Vulnerability identifier: #VU1245

Vulnerability risk: Medium

CVE-ID: CVE-2007-0117

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
macOS Server
macOS

Link to public exploit:

https://www.exploit-db.com/exploits/3088/

Vulnerability description

The vulnerability allows a local user to escalation privileges on vulnerable system.

The vulnerability exists in diskutil tool within DiskManagement framework when handling BOM files. A local user can create a specially crafted BOM file, run diskutil with specially crafted BOM file and replace permissions for arbitrary files on vulnerable system.

Successful exploitation of this vulnerability allows a local unprivileged user to elevate his privileges and gain root access to vulnerable system.

Note: the vulnerability is being actively exploited.

Remediation

Cybersecurity Help is not aware of any official solution to address this vulnerability.

ID:523 - Exploit for Improper file permissions handling in macOS Server and macOS - CVE-2007-0117

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human