Security bypass Vulnerability in Apple Mac OS X via wrapper programID: oval:org.secpod.oval:def:14278 | Date: (C)2013-07-09 (M)2022-10-10 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X 10.8.x and is prone to security bypass vulnerability. The flaw is present in the posix_spawn system call in the XNU kernel, which does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs. Successful exploitation allows local users to bypass intended access restrictions.
Platform: |
Apple Mac OS X 10.8 |
Apple Mac OS X Server 10.8 |