TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | 10.2 (including) | 10.2 (including) |
| Mac_os_x | Apple | 10.2.1 (including) | 10.2.1 (including) |
| Mac_os_x | Apple | 10.2.2 (including) | 10.2.2 (including) |
| Mac_os_x | Apple | 10.2.3 (including) | 10.2.3 (including) |
References
- http://docs.info.apple.com/article.html?artnum=61798
- http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
- http://www.atstake.com/research/advisories/2003/a021403-1.txt
- http://www.iss.net/security_center/static/11332.php
- http://www.securityfocus.com/bid/6859
- http://docs.info.apple.com/article.html?artnum=61798
- http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
- http://www.atstake.com/research/advisories/2003/a021403-1.txt
- http://www.iss.net/security_center/static/11332.php
- http://www.securityfocus.com/bid/6859