CVE Vulnerabilities

CVE-2005-2714

Improper Link Resolution Before File Access ('Link Following')

Published: Dec 31, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:L/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.4.3 10.4.3
Mac_os_x_server Apple 10.4.3 10.4.3
Mac_os_x_server Apple 10.3.2 10.3.2
Mac_os_x_server Apple 10.3.7 10.3.7
Mac_os_x_server Apple 10.3.5 10.3.5
Mac_os_x Apple 10.3.1 10.3.1
Mac_os_x Apple 10.3.5 10.3.5
Mac_os_x Apple 10.4.1 10.4.1
Mac_os_x_server Apple 10.4.2 10.4.2
Mac_os_x_server Apple 10.3.3 10.3.3
Mac_os_x_server Apple 10.4.4 10.4.4
Mac_os_x_server Apple 10.4.1 10.4.1
Mac_os_x Apple 10.4.4 10.4.4
Mac_os_x_server Apple 10.3.4 10.3.4
Mac_os_x Apple 10.3.2 10.3.2
Mac_os_x Apple 10.3.7 10.3.7
Mac_os_x_server Apple 10.4 10.4
Mac_os_x_server Apple 10.4.5 10.4.5
Mac_os_x Apple 10.3.6 10.3.6
Mac_os_x_server Apple 10.3 10.3
Mac_os_x_server Apple 10.3.8 10.3.8
Mac_os_x Apple 10.4 10.4
Mac_os_x_server Apple 10.3.9 10.3.9
Mac_os_x Apple 10.3.8 10.3.8
Mac_os_x_server Apple 10.3.1 10.3.1
Mac_os_x Apple 10.4.5 10.4.5
Mac_os_x Apple 10.3.9 10.3.9
Mac_os_x Apple 10.3.4 10.3.4
Mac_os_x Apple 10.3.3 10.3.3
Mac_os_x Apple 10.4.2 10.4.2
Mac_os_x Apple 10.3 10.3
Mac_os_x_server Apple 10.3.6 10.3.6

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References