Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple MacOS X DirectoryService权限提升漏洞
Vulnerability Description
DirectoryServices是MacOS X信息和验证子系统,在启动阶段启动,默认setuid root属性安装。 DirectoryServices由于使用不安全函数system()执行命令,本地攻击者可以利用这个漏洞以root用户权限在系统上执行任意命令。 在DirectoryService启动的时,应用程序通过执行touch(1) UNIX命令建立文件,它通过system() libc函数来执行,由于调用system()函数时没有指定touch(1)命令的全路径,攻击者可以修改PATH环境变量
CVSS Information
N/A
Vulnerability Type
N/A