Vulnerabilities > CVE-2005-1430 - Local Security vulnerability in Mac OS X
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
Vulnerable Configurations
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_4.NASL |
description | The remote host is running a version of Mac OS X which is older than version 10.4. Versions older than 10.4 contain a security issue in the way they handle the permissions of pseudo terminals. When an application uses a new pseudo terminal, it can not restrict its permissions to a safe mode. As a result, every created pseudo terminal has permissions 0666 set, which allows a local attacker to sniff the session of other users. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18352 |
published | 2005-05-20 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18352 |
title | Mac OS X < 10.4 pty Permission Weakness |