passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mac_os_x | Apple | 10.4.3 | 10.4.3 |
Mac_os_x_server | Apple | 10.4.3 | 10.4.3 |
Mac_os_x_server | Apple | 10.3.2 | 10.3.2 |
Mac_os_x_server | Apple | 10.3.7 | 10.3.7 |
Mac_os_x_server | Apple | 10.3.5 | 10.3.5 |
Mac_os_x | Apple | 10.3.1 | 10.3.1 |
Mac_os_x | Apple | 10.3.5 | 10.3.5 |
Mac_os_x | Apple | 10.4.1 | 10.4.1 |
Mac_os_x_server | Apple | 10.4.2 | 10.4.2 |
Mac_os_x_server | Apple | 10.3.3 | 10.3.3 |
Mac_os_x_server | Apple | 10.4.4 | 10.4.4 |
Mac_os_x_server | Apple | 10.4.1 | 10.4.1 |
Mac_os_x | Apple | 10.4.4 | 10.4.4 |
Mac_os_x_server | Apple | 10.3.4 | 10.3.4 |
Mac_os_x | Apple | 10.3.2 | 10.3.2 |
Mac_os_x | Apple | 10.3.7 | 10.3.7 |
Mac_os_x_server | Apple | 10.4 | 10.4 |
Mac_os_x_server | Apple | 10.4.5 | 10.4.5 |
Mac_os_x | Apple | 10.3.6 | 10.3.6 |
Mac_os_x_server | Apple | 10.3 | 10.3 |
Mac_os_x_server | Apple | 10.3.8 | 10.3.8 |
Mac_os_x | Apple | 10.4 | 10.4 |
Mac_os_x_server | Apple | 10.3.9 | 10.3.9 |
Mac_os_x | Apple | 10.3.8 | 10.3.8 |
Mac_os_x_server | Apple | 10.3.1 | 10.3.1 |
Mac_os_x | Apple | 10.4.5 | 10.4.5 |
Mac_os_x | Apple | 10.3.9 | 10.3.9 |
Mac_os_x | Apple | 10.3.4 | 10.3.4 |
Mac_os_x | Apple | 10.3.3 | 10.3.3 |
Mac_os_x | Apple | 10.4.2 | 10.4.2 |
Mac_os_x | Apple | 10.3 | 10.3 |
Mac_os_x_server | Apple | 10.3.6 | 10.3.6 |