PT-2007-1932 · Apple · Macos X
Published
2007-01-31
·
Updated
2017-07-29
·
CVE-2007-0467
CVSS v2.0
6.2
Medium
| Vector | AV:L/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X version 10.4.8
Description
The issue allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
Recommendations
For Apple Mac OS X version 10.4.8, consider restricting access to the CrashReporter logs to prevent exploitation. As a temporary workaround, limit the privileges of users in the admin group to minimize the risk of arbitrary file modification.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Macos X