发布时间 :2004-03-03 00:00:00
修订时间 :2008-09-05 16:37:34

[原文]VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.

[CNNVD]Microsoft Virtual PC For Mac临时文件权限提升漏洞(MS04-005)(CNNVD-200403-044)

        Virtual PC是一款可运行在Mac OS X和Windows平台的X86虚拟机系统。
        Mac OS X平台下的Virtual PC包含的几个程序不正确处理临时文件,本地攻击者可以利用这个漏洞获得root用户权限。
        VirtualPC_Services是一个SETUID ROOT程序,由于在建立临时文件时没有进行充分检查,允许攻击者通过符号链接,截断或覆盖系统上任意文件。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  XF  virtual-pc-gain-privileges(15113)

- 漏洞信息

Microsoft Virtual PC For Mac临时文件权限提升漏洞(MS04-005)
中危 未知
2004-03-03 00:00:00 2005-05-13 00:00:00
        Virtual PC是一款可运行在Mac OS X和Windows平台的X86虚拟机系统。
        Mac OS X平台下的Virtual PC包含的几个程序不正确处理临时文件,本地攻击者可以利用这个漏洞获得root用户权限。
        VirtualPC_Services是一个SETUID ROOT程序,由于在建立临时文件时没有进行充分检查,允许攻击者通过符号链接,截断或覆盖系统上任意文件。

- 公告与补丁

        MS04-005:Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)

        Microsoft Upgrade Virtual PC for Mac 6.1.1

- 漏洞信息 (F32666)

Atstake Security Advisory 04-02-10.1 (PacketStormID:F32666)
2004-02-11 00:00:00
Atstake,George Gal

Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.

Hash: SHA1

                                @stake, Inc.

                             Security Advisory

Advisory Name: Virtual PC Services Insecure Temporary File Creation
 Release Date: 02/10/2004
  Application: Connectix Virtual PC 6.0.x
               Microsoft Virtual PC 6.1
     Platform: Mac OS X
     Severity: Local privilege escalation
       Author: George Gal <>
Vendor Status: Vendor has updated version of the software
CVE Candidate: CAN-2004-0115


Virtual PC is a popular x86 virtual machine emulator capable running
several guest operating systems under the Mac OS X and Windows
platforms. Virtual PC provides a set of services for managing network
sharing capabilities under Mac OS X. These services are spawned from
the setuid root binary, VirtualPC_Services, which creats several
temporary files when it is executed. The VirtualPC_Services does not
check for several unsafe conditions prior to creation of these
temporary files. As a result an attacker with interactive login
access to the system may leverage insecure temporary files to become 
root or overwrite critical system files.


@stake has identified a vulnerability within the setuid root binary, 
VirtualPC_Services, due to its inability to check for dangerous
conditions prior to temporary file creation.  This vulnerability
allows an attacker to truncate and overwrite arbitrary files in
addition to creation of arbitrary files with insecure file

Using this vulnerability it is feasible for an attacker to gain root
privileges on the system. The VirtualPC_Services binary creates a
log file upon startup as /tmp/VPCServices_Log.  An attacker may
create a symbolic link in the /tmp/ directory as VPCServices_Log
pointing to an arbitrary file to be overwritten when the
VirtualPC_Services binary is executed. However, when the symbolic
link points to a non-existent file a new file is created with file
permissions determined by the unprivileged user's umask(2) settings.

Vendor Response:

Microsoft has an updated version of the software available.

Download information available at:


If possible install the updated version of Virtual PC.

Do not install Virtual PC on a multi-user machine.  If this is a
requirement, only allow users with in a particular group to access
Virtual PC.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned 
the following names to these issues.  These are candidates for 
inclusion in the CVE list (, which standardizes 
names for security problems.


@stake Vulnerability Reporting Policy:

@stake Advisory Archive:

PGP Key:

Copyright 2004 @stake, Inc. All rights reserved.

Version: PGP 8.0.3


- 漏洞信息

Microsoft Virtual PC for Mac Insecure Temporary Files Creation
Local Access Required Race Condition
Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

Virtual PC for Mac contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the program creates temporary files insecurely. This flaw may lead to a loss of integrity and/or availability.

- 时间线

2004-02-10 2004-02-10
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete