{"vuid":"VU#678150","idnumber":"678150","name":"Apple Mac OS X \"at\" utilities fail to drop privileges properly","keywords":["Apple","Mac OS X","privilege escalation","at","atrm","batch","atq","atrun"],"overview":"Apple's Mac OS X operating system may allow local privilege escalation in family of \"at\" commands.","clean_desc":"Mac OS X includes the \"at\" family of commands in order to schedule tasks. However, a flaw in these commands results in the commands not dropping privileges correctly. This may allow a malicious local user to run commands with additional privileges, read or remove protected files, or gain other unintended access. The affected commands include: at, atq, atrm, atrun, and batch.","impact":"These commands are disabled by default in Mac OS X. If they have been enabled, a malicious local user may gain additional privileges including the ability to remove or read protected files, or run programs with additional privileges.","resolution":"Apply a patch Apple advises all users to apply Apple Security Update 2005-001, as it fixes this flaw and other critical security flaws.","workarounds":"","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability. Apple in turn thanks Kevin Finisterre of Immunity, Inc. for reporting this vulnerability.","author":"This document was written by Ken MacInnis.","public":["http://docs.info.apple.com/article.html?artnum=300770","http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html","http://secunia.com/advisories/14005/","http://www.immunitysec.com/resources-advisories.shtml","http://www.immunitysec.com/downloads/nukido.pdf"],"cveids":["CVE-2005-0125"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-27T19:39:05Z","publicdate":"2005-01-18T00:00:00Z","datefirstpublished":"2005-01-27T22:53:44Z","dateupdated":"2005-01-28T15:55:16Z","revision":15,"vrda_d1_directreport":"0","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"8.1","cam_scorecurrentwidelyknown":"10.35","cam_scorecurrentwidelyknownexploited":"19.35","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":8.1,"vulnote":null}