vendor:
Not provided
by:
vade79 -> v9@fakehalo.us (fakehalo/realhalo)
7.5
CVSS
HIGH
Arbitrary File Overwrite
22
CWE
Product Name: Not provided
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Platforms Tested: Mac OS X
Not provided
[OSX Finder] DS_Store arbitrary file overwrite exploit. (root version)
This exploit allows an attacker to create a directory called "xfinder" in the user's home directory. Once the root user modifies the directory using Finder, the exploit will write to the .DS_Store file in that directory. The data written to the .DS_Store file will consist of the filenames/subdirectories and attributes of the directory. The exploit works by linking the .DS_Store file to /etc/crontab and creating a special unicode(utf8 encoded) file in the directory. The file created in unicode contains a line that will overwrite /etc/sudoers with "ALL ALL=(ALL) ALL" when written to /etc/crontab. This allows the attacker to escalate privileges and sudo to root.
Mitigation:
To mitigate this vulnerability, users should avoid opening or modifying directories created by untrusted sources. Additionally, users should ensure that their system is up to date with the latest security patches.
