Vulnerabilities > CVE-2012-4284 - Unspecified vulnerability in Sparklabs Viscosity 1.4.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Viscosity setuid-set ViscosityHelper Privilege Escalation. CVE-2012-4284. Local exploit for osx platform id EDB-ID:24579 last seen 2016-02-02 modified 2013-03-05 published 2013-03-05 reporter metasploit source https://www.exploit-db.com/download/24579/ title Viscosity setuid-set ViscosityHelper Privilege Escalation description OS X Viscosity OpenVPN Client - Local Root Exploit. CVE-2012-4284. Local exploit for osx platform id EDB-ID:20485 last seen 2016-02-02 modified 2012-08-13 published 2012-08-13 reporter zx2c4 source https://www.exploit-db.com/download/20485/ title OS X Viscosity OpenVPN Client - Local Root Exploit
Metasploit
description | This module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This module has been tested successfully on Viscosity 1.4.1 over Mac OS X 10.7.5. |
id | MSF:EXPLOIT/OSX/LOCAL/SETUID_VISCOSITY |
last seen | 2020-04-24 |
modified | 2018-11-04 |
published | 2013-03-03 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/local/setuid_viscosity.rb |
title | Viscosity setuid-set ViscosityHelper Privilege Escalation |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_VISCOSITY_1_4_2.NASL |
description | The remote host has a version of Viscosity VPN client installed that has a path name validation flaw in the setuid-set ViscosityHelper binary. This flaw can be exploited to execute arbitrary code with root privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 65700 |
published | 2013-03-27 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/65700 |
title | Viscosity ViscosityHelper Symlink Attack Local Privilege Escalation |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/120643/setuid_viscosity.rb.txt |
id | PACKETSTORM:120643 |
last seen | 2016-12-05 |
published | 2013-03-05 |
reporter | juan vazquez |
source | https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html |
title | Viscosity setuid-set ViscosityHelper Privilege Escalation |
References
- http://www.exploit-db.com/exploits/24579
- http://www.exploit-db.com/exploits/24579
- http://www.securityfocus.com/bid/55002
- http://www.securityfocus.com/bid/55002
- https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
- https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html
- https://www.sparklabs.com/viscosity/releasenotes/mac/
- https://www.sparklabs.com/viscosity/releasenotes/mac/