CVE-2003-0876
CVSS 2.1
Published: 2003-11-03 00:00:00
Revised: 2008-10-24 00:26:36

[Original] Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.


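[CNNVD] Apple Mac OS X Insecure File Permissions Vulnerability (CNNVD-200311-014)

        Mac OS X is an operating system used on Mac machines and is based on BSD.
        Apple Mac OS X installs and creates files with insecure default permissions. A local attacker can exploit this vulnerability to modify sensitive files or replace binaries, leading to privilege escalation.
        1) DMG file permissions
        When content is dragged from a DMG disk image, Mac OS X resets the directory permissions to world-readable/writable/executable. The same happens when a folder is dragged onto a mounted DMG. The reset applies only to directories; file permissions are not reset. Because these directories contain applications, an attacker can overwrite any application with a trojaned program. When another, higher-privileged user runs it, the result is privilege escalation.
        2) Incorrect vendor-specific file permissions
        Several applications shipped by Mac OS X vendors install files with incorrect permissions. World-writable files include:
         - Applications and supporting executables
         - Directories
         - Shared objects
         - Configuration files
         - HTML and JavaScript

         These files are mostly found in the following directories:

         - /Applications
         - /Library/Application Support
         - /Library/StartupItems
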

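- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]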

- CPE (affected platforms and products)

cpe:/o:apple:mac_os_x:10.1.5  Apple Mac OS X 10.1.5
cpe:/o:apple:mac_os_x:10.2  Apple Mac OS X 10.2
cpe:/o:apple:mac_os_x_server:10.2.1  Apple Mac OS X Server 10.2.1
cpe:/o:apple:mac_os_x_server:10.2.6  Apple Mac OS X Server 10.2.6
cpe:/o:apple:mac_os_x:10.2.7  Apple Mac OS X 10.2.7
cpe:/o:apple:mac_os_x:10.1.4  Apple Mac OS X 10.1.4
cpe:/o:apple:mac_os_x:10.1  Apple Mac OS X 10.1
cpe:/o:apple:mac_os_x_server:10.0  Apple Mac OS X Server 10.0
cpe:/o:apple:mac_os_x:10.2.5  Apple Mac OS X 10.2.5
cpe:/o:apple:mac_os_x_server:10.2  Apple Mac OS X Server 10.2
cpe:/o:apple:mac_os_x_server:10.2.4  Apple Mac OS X Server 10.2.4
cpe:/o:apple:mac_os_x:10.0.1  Apple Mac OS X 10.0.1
cpe:/o:apple:mac_os_x:10.0.4  Apple Mac OS X 10.0.4
cpe:/o:apple:mac_os_x_server:10.2.7  Apple Mac OS X Server 10.2.7
cpe:/o:apple:mac_os_x:10.2.2  Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x:10.0  Apple Mac OS X 10.0
cpe:/o:apple:mac_os_x:10.2.4  Apple Mac OS X 10.2.4
cpe:/o:apple:mac_os_x:10.0.3  Apple Mac OS X 10.0.3
cpe:/o:apple:mac_os_x:10.2.3  Apple Mac OS X 10.2.3
cpe:/o:apple:mac_os_x:10.1.3  Apple Mac OS X 10.1.3
cpe:/o:apple:mac_os_x:10.2.8  Apple Mac OS X 10.2.8
cpe:/o:apple:mac_os_x:10.2.1  Apple Mac OS X 10.2.1
cpe:/o:apple:mac_os_x_server:10.2.8  Apple Mac OS X Server 10.2.8
cpe:/o:apple:mac_os_x:10.1.1  Apple Mac OS X 10.1.1
cpe:/o:apple:mac_os_x_server:10.2.5  Apple Mac OS X Server 10.2.5
cpe:/o:apple:mac_os_x:10.2.6  Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x:10.0.2  Apple Mac OS X 10.0.2
cpe:/o:apple:mac_os_x_server:10.2.3  Apple Mac OS X Server 10.2.3
cpe:/o:apple:mac_os_x_server:10.2.2  Apple Mac OS X Server 10.2.2
cpe:/o:apple:mac_os_x:10.1.2  Apple Mac OS X 10.1.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0876
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0876
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-014
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/8916
(VENDOR_ADVISORY)  BID  8916
http://xforce.iss.net/xforce/xfdb/13537
(UNKNOWN)  XF  macos-insecure-file-permissions(13537)
http://www.securityfocus.com/bid/8917
(UNKNOWN)  BID  8917
http://www.atstake.com/research/advisories/2003/a102803-1.txt
(UNKNOWN)  ATSTAKE  A102803-1

- Vulnerability information

Apple Mac OS X Insecure File Permissions Vulnerability
Low risk  Configuration error
2003-11-03 00:00:00 2006-03-28 00:00:00
Local
        

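- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Review the permissions of the following directories:
        /Applications, /Library/Application Support and /Library/StartupItems.
        The following command can be used to remove the world-writable permission under /Applications:
        find /Applications -type d -exec chmod o-w {} \;
        Vendor patch:
        Apple
        -----
        Mac OS X 10.3 fixes the DMG image issue, but the insecure permissions of many applications have not been properly addressed.
        Note that the Mac OS X 10.3 upgrade is a commercial product, and it is not yet known whether security updates will be provided for Mac OS X 10.2.x (Jaguar).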
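
The workaround command above only clears the world-write bit on directories under /Applications, while the description also lists world-writable files and two further directories. The following is an added example, not part of the original advisory, that lists and optionally corrects both files and directories under all three paths; the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit world-writable entries in the directories named in
# the advisory. Function names are hypothetical, chosen for this example.

# list_world_writable ROOT...
# Prints every directory or regular file under the given roots whose mode
# has the "other write" bit (0002) set. Symlinks are skipped because their
# own mode bits are not what access checks use.
list_world_writable() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" \( -type d -o -type f \) -perm -0002 -print 2>/dev/null
    done
}

# count_world_writable ROOT... -> number of offending entries
count_world_writable() {
    list_world_writable "$@" | wc -l | tr -d ' '
}

# fix_world_writable ROOT...
# Clears only the other-write bit; owner, group and execute bits are kept,
# so applications stay runnable for every user.
fix_world_writable() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" \( -type d -o -type f \) -perm -0002 \
            -exec chmod o-w {} + 2>/dev/null
    done
}

# Audit the three locations the advisory tells administrators to review.
audit_default_roots() {
    list_world_writable /Applications \
        "/Library/Application Support" /Library/StartupItems
}

# Report only when asked; review the list before running fix_world_writable.
if [ "${1:-}" = "--audit" ]; then
    audit_default_roots
fi
```

Run the audit first and inspect the output; some vendor files may be world-writable by design and need an individual decision, as the advisory notes.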

- Vulnerability information

7066
Apple Mac OS X Finder Dragged Permission Weakness
Local Access Required Misconfiguration
Loss of Integrity
Exploit Public

- Vulnerability description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when directories are copied from DMG images, which Mac OS X sets to be world-writable. This flaw may lead to a loss of integrity.

- Timeline

2003-10-24 Unknown
2003-10-24 Unknown

- Solution

Upgrade to version 10.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Apple Mac OS X Insecure File Permissions Vulnerabilities
Configuration Error 8916
No Yes
2003-10-28 12:00:00 2009-07-11 11:56:00
Discovery of this issue is credited to Dave G. <daveg@atstake.com>.

- Affected software versions

Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.0
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0
Apple Mac OS X 10.3

- Unaffected software versions

Apple Mac OS X 10.3

- Vulnerability discussion

There are multiple instances in Apple Mac OS X where files are installed or created with insecure permissions or inappropriate permissions. This could permit local attackers to modify sensitive files or potentially even replace binaries, which could then be executed by another user.

- Exploit

Specific exploit code would not be required to exploit these issues.

- Solution

The Finder application has been updated in Mac OS X 10.3 to address the issue with DMG images by preserving permissions for copied directories/files. However, many of the other applications with insecure default permissions have not been addressed and should be evaluated on an individual basis and have their permissions corrected if need be.

It should be noted that the Mac OS X 10.3 (Panther) upgrade is commercially available. It is not currently known if security updates will be backported to Mac OS X 10.2.x (Jaguar).

- Related references

     

     
