The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.
References
Link | Resource |
---|---|
http://docs.info.apple.com/article.html?artnum=307041 | Broken Link |
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630 | Broken Link |
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html | Mailing List |
http://secunia.com/advisories/27643 | Broken Link Vendor Advisory |
http://www.securityfocus.com/bid/26444 | Broken Link Third Party Advisory VDB Entry |
http://www.us-cert.gov/cas/techalerts/TA07-319A.html | Broken Link Third Party Advisory US Government Resource |
http://www.vupen.com/english/advisories/2007/3868 | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/38466 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-11-15T01:00:00
Updated: 2017-07-28T12:57:01
Reserved: 2007-07-12T00:00:00
Link: CVE-2007-3749
JSON object: View
NVD Information
Status : Analyzed
Published: 2007-11-15T01:46:00.000
Modified: 2024-02-09T00:35:32.037
Link: CVE-2007-3749
JSON object: View
Redhat Information
No data.
CWE