CVE-2015-3673
published 2015-07-03CVE-2015-3673: Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges…
PriorityP340high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
5.66%
92.0th percentile
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.10.3 | — |
| apple | os_x_yosemite_v10.10.4_and_security_update_2015-005 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2h38-rw9c-6j5p: Admin Framework in Apple OS X before 10
ghsa_unreviewed·2022-05-17
CVE-2015-3673 [HIGH] GHSA-2h38-rw9c-6j5p: Admin Framework in Apple OS X before 10
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
Apple
CVE-2015-3673: OS X Yosemite v10.10.4 and Security Update 2015-005
vendor_apple·CVSS 7.2
CVE-2015-3673 [HIGH] CVE-2015-3673: OS X Yosemite v10.10.4 and Security Update 2015-005
Apple Security Update: About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005
Product: OS X Yosemite v10.10.4 and Security Update 2015-005
CVE: CVE-2015-3673
Component: CVE-ID
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling.
No detection rules found.
Exploit-DB
Apple Mac OSX Entitlements - 'Rootpipe' Local Privilege Escalation (Metasploit)
exploitdb·2015-08-31
CVE-2015-3673 Apple Mac OSX Entitlements - 'Rootpipe' Local Privilege Escalation (Metasploit)
Apple Mac OSX Entitlements - 'Rootpipe' Local Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit4 'Apple OS X Entitlements Rootpipe Privilege Escalation',
'Description' => %q{
This module exploits the rootpipe vulnerability and bypasses Apple's initial
fix for the issue by injecting code into a process with the 'admin.writeconfig'
entitlement.
},
'Author' => [
'Emil Kvarnhammar', # Vulnerability discovery and PoC
'joev' # Copy/paste monkey
],
'References' => [
['CVE', '2015-3673'],
['URL', 'https://truesecdev.wordpress.com/2015/07/01/exploiting-rootpipe-again/']
],
'DisclosureDate' => 'Jul 1 2015',
'License' => MSF_LICENSE,
'Pla
Metasploit
Apple OS X Entitlements Rootpipe Privilege Escalation
metasploit
Apple OS X Entitlements Rootpipe Privilege Escalation
Apple OS X Entitlements Rootpipe Privilege Escalation
This module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlhttp://support.apple.com/kb/HT204942http://www.securityfocus.com/bid/75493http://www.securitytracker.com/id/1032760https://www.exploit-db.com/exploits/38036/http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlhttp://support.apple.com/kb/HT204942http://www.securityfocus.com/bid/75493http://www.securitytracker.com/id/1032760https://www.exploit-db.com/exploits/38036/
2015-07-03
Published