Description
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38466
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26444
Broken Link third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Broken Link x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307041
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3868
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27643
Broken Link, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Scores
CVSS v3
7.8
EPSS
0.0045
EPSS Percentile
35.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-665
Status
published
Products (1)
apple/mac_os_x
10.4.0 - 10.4.10
Published
Nov 15, 2007
Tracked Since
Feb 18, 2026