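Vulnerability Title
Privilege Escalation Abusing the Installer in SupportApp
Vulnerability Description
Support App is an open-source application dedicated to managing Apple devices. An attacker can abuse a vulnerability in the postinstall installer script during installation to make the installer execute arbitrary code with root privileges. The cause of the vulnerability is the use of the `#!/bin/zsh` shebang.
When the installer runs, it asks the user for a password so that it can run with root privileges. During this process, however, it still uses the user's `$HOME`, and therefore loads the file `$HOME/.zshenv` when the postinstall script is executed.
An attacker can add malicious code to `$HOME/.zshenv`, and that code will be executed when the app is installed. In this way an attacker may leverage this vulnerability to escalate privileges on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are currently no known workarounds for this vulnerability.
CVSS Information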
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Uncontrolled Search Path Element
Vulnerability Title
Privilege Escalation Abusing installer in SupportApp
Vulnerability Description
Support App is an open-source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used. When the installer is executed, it asks for the user's password so that it can be executed as root. However, it will still be using the `$HOME` of the user and will therefore load the file `$HOME/.zshenv` when the `postinstall` script is executed.
An attacker could add malicious code to `$HOME/.zshenv`, and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privileges on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
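Vulnerability Category
Improper Privilege Management
Vulnerability Title
Support App Security Vulnerability
Vulnerability Description
Support App is an open-source application specialized in managing Apple devices. Versions of Support App prior to 2.5.1 Rev 2 contain a security vulnerability that stems from a flaw in the installer script, which allows the installer to execute arbitrary code as root.
CVSS Information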
N/A
Vulnerability Category
Other
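
Added example, not part of the original advisory or the Support App project: a shell audit that reports package `preinstall`/`postinstall` scripts whose shebang starts zsh with user startup files enabled, the condition the descriptions above identify. It assumes the scripts have already been extracted to a directory, and it treats zsh's `-f` / `--no-rcs` option (which skips `$HOME/.zshenv`) as the safe form; the page does not say how version 2.5.1 Rev 2 changed the script.

```shell
#!/bin/sh
# Added example (not project code). Heuristic audit of installer script
# shebangs. The file names preinstall/postinstall and the directory layout
# are assumptions about an already-extracted package.

# zsh_shebang_status FILE -> prints "unsafe", "safe" or "not-zsh"
zsh_shebang_status() {
    first=''
    # Read only the first line; a missing trailing newline is tolerated.
    IFS= read -r first < "$1" || :
    case "$first" in
        '#!'*) ;;
        *) echo not-zsh; return 0 ;;
    esac
    # Split the shebang into words without glob expansion.
    set -f
    # shellcheck disable=SC2086
    set -- ${first#'#!'}
    set +f
    # "#!/usr/bin/env zsh": skip the env wrapper.
    [ "${1##*/}" = env ] && shift
    [ "${1##*/}" = zsh ] || { echo not-zsh; return 0; }
    shift
    for opt in "$@"; do
        case "$opt" in
            --no-rcs) echo safe; return 0 ;;   # long form of NO_RCS
            --*) ;;                            # other long options
            -*f*) echo safe; return 0 ;;       # -f, alone or clustered
        esac
    done
    # zsh with startup files enabled: $HOME/.zshenv would be sourced.
    echo unsafe
}

# audit_pkg_scripts DIR -> one "unsafe<TAB>path" line per risky script
audit_pkg_scripts() {
    for f in "$1"/preinstall "$1"/postinstall; do
        [ -f "$f" ] || continue
        [ "$(zsh_shebang_status "$f")" = unsafe ] && printf 'unsafe\t%s\n' "$f"
    done
    return 0
}

# Stand-alone use: sh audit.sh /path/to/extracted/Scripts
if [ "$#" -gt 0 ]; then
    audit_pkg_scripts "$1"
fi
```

With `-f` / `--no-rcs`, zsh still sources `/etc/zshenv`, so the check covers only per-user startup files.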