> Securesec Security Advisory - #00003 > 09/06/05 > > Apple Mac OS X 10.4 launchd race condition vulnerability > Advisory: http://www.suresec.org/advisories/adv3.pdf > > Description: > > A race condition vulnerability has been found in the temporary file > creation done by the suid launchd program on Mac OSX 10.4. > The for advisory for this can be downloaded from the Suresec website. > > Risk: > > Successful exploitation of this vulnerability results in stolen > ownership of any file on the system. Using this it is trivial to get > a root shell. > Is this fixed by the security update issued by apple some days ago? > Credit: > > The vulnerability was discovered by Neil Archibald and Ilja Van Sprundel > Jonathan -- Jonathan Weiss jw@xxxxxxxxxxxx http://blog.innerewut.de