Vulnerabilities > CVE-2005-1430 - Local Security vulnerability in Mac OS X

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
apple
nessus

Summary

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_10_4.NASL
descriptionThe remote host is running a version of Mac OS X which is older than version 10.4. Versions older than 10.4 contain a security issue in the way they handle the permissions of pseudo terminals. When an application uses a new pseudo terminal, it can not restrict its permissions to a safe mode. As a result, every created pseudo terminal has permissions 0666 set, which allows a local attacker to sniff the session of other users.
last seen2020-06-01
modified2020-06-02
plugin id18352
published2005-05-20
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18352
titleMac OS X < 10.4 pty Permission Weakness