Executive Summary
Summary | |
---|---|
Title | Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account |
Informations | |||
---|---|---|---|
Name | VU#757109 | First vendor Publication | 2023-08-28 |
Vendor | VU-CERT | Last vendor Modification | 2023-08-28 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7 | ||
Base Score | 7 | Environmental Score | 7 |
impact SubScore | 5.9 | Temporal Score | 7 |
Exploitabality Sub Score | 1 | ||
Attack Vector | Local | Attack Complexity | High |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
OverviewGroupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. DescriptionEvery five hours the Videostream LaunchDaemon runs with root privileges to check for updates. During the download, it's possible to replace the update file as any user with a crafted tar archive. The LaunchDaemon process will extract the archive and replace any requested file on the system. ImpactAn attacker with low privilege access can overwrite arbitrary files on the affected system. This can be leveraged to escalate privileges to control the root account. SolutionThe CERT/CC is currently unaware of a practical solution to this problem. AcknowledgementsThank you to Dan Revah for reporting this issue. This document was written by Kevin Stephens. |
Original Source
Url : https://kb.cert.org/vuls/id/757109 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Alert History
Date | Informations |
---|---|
2023-08-29 00:36:05 |
|
2023-08-28 21:35:46 |
|
2023-08-28 21:22:07 |
|