KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.
References
Link | Resource |
---|---|
http://www.atstake.com/research/advisories/2003/a082203-1.txt | Patch Vendor Advisory |
http://www.securityfocus.com/bid/8497 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/13007 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/13008 |
Configurations
History
No history.
Information
Published : 2003-09-17 04:00
Updated : 2024-02-04 16:31
NVD link : CVE-2003-0703
Mitre link : CVE-2003-0703
CVE.ORG link : CVE-2003-0703
JSON object : View
Products Affected
kismac
- kismac
CWE