Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Mac OS X Core文件符号链接漏洞
Vulnerability Description
Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。 Apple Mac OS X不安全生成core文件,本地攻击者可以利用这个漏洞通过符号链接进行权限提升攻击。 Core文件的建立在Mac OS X中默认是关闭的,如果在系统中允许生成core文件,属主为ROOT的进程会写core文件到/cores目录中,core文件的名称为core.PID(*),此文件属主为ROOT,设置权限是0400。由于/cores木默认全局可写,core文件名可预测,攻击者可以通过建立符号链接,指向系统重要文件,
CVSS Information
N/A
Vulnerability Type
N/A