|
|
|
 |
Vulnerability Note VU#474969Apple Macintosh OS X fails to properly mount WebDAV filesystemsOverviewA vulnerability in the way that Apple Macintosh OS X mounts WebDAV filesystems could allow a local attacker to execute commands with elevated privileges.I. DescriptionWeb-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP protocol which allows collaborative editing and management of web resources on remote servers. Apple Macintosh OS X contains a vulnerability that could be exploited when it attempts to mount WebDAV filesystems that may allow a local attacker to execute commands with elevated privileges. According to Apple Security Update 2007-004:When mounting a WebDAV filesystem, the load_webdav program may be launched without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands. II. ImpactA local attacker may be able to execute commands with elevated privileges.III. SolutionApply Updates from AppleApple has addressed this vulnerability with the updates included in Apple Security Update 2007-004.
References
This vulnerability was reported in Apple Security Update 2007-004. This document was written by Chris Taschner.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader