Published: 05/05/2003 Updated: 10/09/2008

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x 10.0.2
apple mac os x 10.0.4
apple mac os x 10.1.4
apple mac os x 10.2
apple mac os x 10.2.2
apple mac os x server 10.2.1
apple mac os x server 10.2.3
apple mac os x 10.1
apple mac os x 10.1.1
apple mac os x 10.1.2
apple mac os x 10.1.3
apple mac os x 10.0
apple mac os x 10.2.3
apple mac os x 10.2.4
apple mac os x server 10.0
apple mac os x server 10.2
apple mac os x 10.0.1
apple mac os x 10.0.3
apple mac os x 10.1.5
apple mac os x 10.2.1
apple mac os x server 10.2.2
apple mac os x server 10.2.4

/* OS X <= 1024 DirectoryService local root PATH exploit DirectoryService must be crashed prior to execution, per @stake advisory If you discover how to crash DirectoryService e-mail me at neeko@haackeycom [Neeko Oni] -- Assuming DirectoryService has been crashed/killed, compile this code as 'touch' (gcc osxdsc -o touch) and ...

NVD-CWE-Other http://www.atstake.com/research/advisories/2003/a041003-1.txt http://lists.apple.com/mhonarc/security-announce/msg00028.html https://nvd.nist.gov https://www.exploit-db.com/exploits/15/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0171

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect