Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Mac OS X XNU内核posix_spawn系统调用权限许可和访问控制漏洞
Vulnerability Description
Apple Mac OS X是美国苹果(Apple)公司为Mac计算机所开发的一套专用操作系统。 Apple Mac OS X 10.8.x版本中的XNU内核中的posix_spawn系统调用中存在漏洞,该漏洞源于程序没有阻止setuid和setgid程序使用_POSIX_SPAWN_DISABLE_ASLR和_POSIX_SPAWN_ALLOW_DATA_EXEC标志。本地攻击者可通过调用‘posix_spawnattr_setflags’函数的封装程序利用该漏洞绕过既定的访问限制。
CVSS Information
N/A
Vulnerability Type
N/A