Viscosity setuid-set ViscosityHelper Privilege Escalation

vendor:

Viscosity

by:

Jason A. Donenfeld and juan vazquez

9,8

CVSS

CRITICAL

Privilege Escalation

N/A

CWE

Product Name: Viscosity

Affected Version From: Viscosity 1.4.1

Affected Version To: Viscosity 1.4.1

Patch Exists: NO

Related CWE: CVE-2012-4284

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Mac OS X

2012

Viscosity setuid-set ViscosityHelper Privilege Escalation

This module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This module has been tested successfully on Viscosity 1.4.1 over Mac OS X 10.7.5.

Mitigation:

N/A

Source

Viscosity setuid-set ViscosityHelper Privilege Escalation

Mitigation:

Exploit-DB raw data: