CVE-2017-15357

Published: 01/12/2017 Updated: 04/05/2020
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.4 | Impact Score: 5.9 | Exploitability Score: 1.4
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The setpermissions function in the auto-updater in Arq prior to 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

Vulnerable Product

arqbackup arq

Exploits

# Arq Backup from Haystack Software is a great application for backing up macs and
# windows machines. Unfortunately versions of Arq for mac before 5.9.7 are
# vulnerable to a local root privilege escalation exploit.
# The updater binary has a "setpermissions" function which sets the suid bit and
# root ownership on itself but it suffers from a ra ...