Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Intego Log Reporter TOCTOU Local Privilege Escalation
Vulnerability Description
Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure directory handling, introducing a time-of-check to time-of-use (TOCTOU) race condition. A local unprivileged user can exploit a symlink-based race condition to cause arbitrary file writes to privileged system locations, resulting in privilege escalation to root.
CVSS Information
N/A
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Intego Log Reporter 安全漏洞
Vulnerability Description
Intego Log Reporter是Intego公司的一个日志收集和分析工具。 Intego Log Reporter存在安全漏洞,该漏洞源于以root权限执行的诊断脚本在/tmp中创建和写入文件时未强制执行安全目录处理,引入TOCTOU竞争条件,可能导致本地非特权用户通过基于符号链接的竞争条件实现任意文件写入和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A