PT-2007-1602 · Apple · Diskutil

Published: 2007-01-09 · Updated: 2011-03-08 · CVE-2007-0117

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DiskManagementTool in DiskManagement.framework version 92.29

Description

The issue arises from the improper validation of Bill of Materials (BOM) files by the DiskManagementTool. This allows attackers to gain privileges through a BOM file located under /Library/Receipts/, which can trigger arbitrary file permission changes when a diskutil permission repair operation is executed.

Recommendations

For DiskManagementTool in DiskManagement.framework version 92.29, consider restricting access to the /Library/Receipts/ directory to minimize the risk of exploitation until a proper fix is applied.

Related Identifiers

CVE-2007-0117

Affected Products

Diskmanagement.Framework
Diskmanagementtool
Diskutil