CVE-2005-0125

The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0125
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / mac_os_x_server	10.3.7	10.3.7.x
apple / mac_os_x	10.3.7	10.3.7.x
apple / mac_os_x	10.3.4	10.3.4.x

http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://marc.info/?l=bugtraq&m=110685027017411&w=2
http://www.digitalmunition.com/DMA[2005-0127a].txt
http://www.digitalmunition.com/DMA%5B2005-0127a%5D.txt
http://www.kb.cert.org/vuls/id/678150
https://exchange.xforce.ibmcloud.com/vulnerabilities/18981

Vulnerability Database

290,206

CVE-2005-0125