header-logo
Suggest Exploit
vendor:
Mac OS X
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Access
22
CWE
Product Name: Mac OS X
Affected Version From: Colorview 1.0
Affected Version To: Colorview 1.0
Patch Exists: YES
Related CWE: CVE-2000-0338
CPE: o:apple:mac_os_x:10.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mac OS X
2000

Colorview Arbitrary File Access

Colorview is a utility used to view text files in color. It is vulnerable to an arbitrary file access vulnerability, which allows an attacker to view any file on the system that the user running the utility has access to. This vulnerability is due to the fact that Colorview fails to validate that the user has access to the file supplied to the -text option.

Mitigation:

Upgrade to the latest version of Colorview.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/336/info

Colorview fails to validate that the user has access to the file supplied to the -text option. As a result, users can view arbitrary files. 

/usr/sbin/colorview -text /var/spool/mail/admin

Navigation

Suggest Exploit

Services By CQR