Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Macintosh :: mac5690.htm

NetInfo Manager



16th Sep 2002 [SBWID-5690]
COMMAND

	
		Mac OS NetInfo Manager local root rights abuse
	
	

SYSTEMS AFFECTED

	
		Mac OS X 10.2 Jaguar
	
	

PROBLEM

	
		Christopher Allene [cwis@nerim.fr] says :
		

		There is a severe security issue  with  Mac  OS  X  10.2  Jaguar,  which
		allows  any  user  of  the  system  to  navigate  through   the   entire
		filesystem, and possibly overwrite any file.  The  security  issue  lies
		within  the  "NetInfo  Manager"  application,  which  is  setuid   root.
		Whenever an  user  runs  this  application,  the  entire  appliation  is
		running as root.
		

		Therefore, if the user runs "NetInfo Manager" and chooses to  print  the
		window content by choosing "Domain: Print", the Print dialog is  running
		as root? By choosing to "Save  as  PDF",  the  associated  file  manager
		window is itself running as root, thus allowing  the  user  to  navigate
		all  files  on  the  connected  hard  disks.  Moreover,  by  creating  a
		filesystem link  to  any  file  of  the  filesystem,  calling  the  link
		"dummy.pdf", and then saving the PDF over this link, the  user  is  then
		allowed to overwrite  the  contents  of  any  file  of  the  filesystem,
		including system files or files owned by other users on the system.
		

		Although this security hole cannot be used to  gain  priviledged  status
		with a clean install of Jaguar, it might be  possible  for  a  malicious
		user to install a custom Print Driver of his choosing, which could,  for
		exemple, run a copy of Terminal.app as root, thus allowing the  attacker
		to gain root access.
		

		A similar security issue has already been discovered a  few  month  ago,
		where running "NetInfo Manager" allowed any user to  become  root  while
		choosing a program from the Apple menu. Setuid applications have  severe
		security implications, this should not been forgotten.
		

		Also, note that from all the programs  shipped  with  Jaguar  which  are
		setuid root, NetInfo Manager is the only program which  does  not  "drop
		priviledges".
	
	

SOLUTION

	
	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH