CVE-2007-0117

Severity

99%

Complexity

99%

Confidentiality

165%

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Apple Mac OS X

First reported 18 years ago

2007-01-09 02:28:00

Last updated 13 years ago

2011-03-08 02:48:00

Affected Software

Apple Mac OS X 10.4.8

10.4.8

Apple Mac OS X Server 10.4.8

10.4.8

References

31167

http://projects.info-pull.com/moab/MOAB-05-01-2007.html

Exploit

23653

21899

ADV-2007-0074

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.