漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Privilege escalation in Google Drive for Desktop on MacOS
Vulnerability Description
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
Google Drive for desktop 安全漏洞
Vulnerability Description
Google Drive for desktop是美国谷歌(Google)公司的一个桌面同步客户端。可让您在所有设备和云端轻松管理和共享内容。 Google Drive for desktop 64.0之前版本存在安全漏洞,该漏洞源于攻击者可以预先创建/Applications/Google Drive.app/Contents/MacOS目录,首次运行安装程序时,它将在该目录中放置一个具有执行权限的二进制文件并设置其setuid位,由于攻击者拥有该目录,攻击者可以用符号链接替换二进制文件,从而导致安装程
CVSS Information
N/A
Vulnerability Type
N/A