CVE-2015-5754

Published: 17/08/2015 Updated: 21/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X prior to 10.10.5 allows malicious users to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

Source: codegooglecom/p/google-security-research/issues/detail?id=478 The Installframework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time By connecting two proxy objects to an IFInstallRunner and calling [IFInstallRunner makeReceiptD ...

CWE-362 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html https://support.apple.com/kb/HT205031 http://www.securityfocus.com/bid/76340 https://www.exploit-db.com/exploits/38136/http://packetstormsecurity.com/files/133550/OS-X-Suid-Privilege-Escalation.html http://www.securitytracker.com/id/1033276 https://nvd.nist.gov https://www.exploit-db.com/exploits/38136/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5754

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect