Vulnerabilities > CVE-2017-15358 - Race Condition vulnerability in Charlesproxy Charles

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

charlesproxy

CWE-362

exploit available

NVD

Published: 2018-08-03

Updated: 2024-11-21

Summary

Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.

Vulnerable Configurations

Part	Description	Count
Application	Charlesproxy Charlesproxy Charles 1.0 Charlesproxy Charles 1.1 Charlesproxy Charles 1.1.1 Charlesproxy Charles 1.2 Charlesproxy Charles 1.5 Charlesproxy Charles 1.6 Charlesproxy Charles 1.7 Charlesproxy Charles 1.7.1 Charlesproxy Charles 1.8 Charlesproxy Charles 1.8.1 Charlesproxy Charles 1.8.2 Charlesproxy Charles 1.8.3 Charlesproxy Charles 1.8.4 Charlesproxy Charles 1.8.5 Charlesproxy Charles 2.0 Charlesproxy Charles 2.0.1 Charlesproxy Charles 2.1 Charlesproxy Charles 2.1.1 Charlesproxy Charles 2.2 Charlesproxy Charles 2.2.1 Charlesproxy Charles 2.3 Charlesproxy Charles 2.4 Charlesproxy Charles 2.4.1 Charlesproxy Charles 2.4.2 Charlesproxy Charles 2.5 Charlesproxy Charles 2.6 Charlesproxy Charles 2.6.1 Charlesproxy Charles 2.6.2 Charlesproxy Charles 2.6.3 Charlesproxy Charles 2.6.4 Charlesproxy Charles 3.0 Charlesproxy Charles 3.0.1 Charlesproxy Charles 3.0.2 Charlesproxy Charles 3.0.3 Charlesproxy Charles 3.0.4 Charlesproxy Charles 3.1 Charlesproxy Charles 3.1.1 Charlesproxy Charles 3.1.2 Charlesproxy Charles 3.1.3 Charlesproxy Charles 3.1.4 Charlesproxy Charles 3.2 Charlesproxy Charles 3.2.1 Charlesproxy Charles 3.2.2 Charlesproxy Charles 3.2.3 Charlesproxy Charles 3.3 Charlesproxy Charles 3.3.1 Charlesproxy Charles 3.4 Charlesproxy Charles 3.4.1 Charlesproxy Charles 3.5 Charlesproxy Charles 3.5.1 Charlesproxy Charles 3.5.2 Charlesproxy Charles 3.6 Charlesproxy Charles 3.6.1 Charlesproxy Charles 3.6.2 Charlesproxy Charles 3.6.3 Charlesproxy Charles 3.6.4 Charlesproxy Charles 3.6.5 Charlesproxy Charles 3.7 Charlesproxy Charles 3.8 Charlesproxy Charles 3.8.1 Charlesproxy Charles 3.8.2 Charlesproxy Charles 3.8.3 Charlesproxy Charles 3.9 Charlesproxy Charles 3.9.1 Charlesproxy Charles 3.9.2 Charlesproxy Charles 3.9.3 Charlesproxy Charles 3.10 Charlesproxy Charles 3.10.1 Charlesproxy Charles 3.10.2 Charlesproxy Charles 3.11 Charlesproxy Charles 3.11.1 Charlesproxy Charles 3.11.2 Charlesproxy Charles 3.11.3 Charlesproxy Charles 3.11.4 Charlesproxy Charles 3.11.5 Charlesproxy Charles 3.11.6 Charlesproxy Charles 3.11.7 Charlesproxy Charles 3.12 Charlesproxy Charles 3.12.1 Charlesproxy Charles 3.12.2 Charlesproxy Charles 3.12.3 Charlesproxy Charles 4.0 Charlesproxy Charles 4.0.1 Charlesproxy Charles 4.0.2 Charlesproxy Charles 4.1 Charlesproxy Charles 4.1.1 Charlesproxy Charles 4.1.2 Charlesproxy Charles 4.1.3 Charlesproxy Charles 4.1.4 Charlesproxy Charles 4.2	90

Common Weakness Enumeration (CWE)

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Exploit-Db

description	Charles Proxy 4.2 - Local Privilege Escalation. CVE-2017-15358. Local exploit for macOS platform. Tags: Local
file	exploits/macos/local/45107.txt
id	EDB-ID:45107
last seen	2018-07-30
modified	2018-07-30
platform	macos
port
published	2018-07-30
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45107/
title	Charles Proxy 4.2 - Local Privilege Escalation
type	local

Packetstorm

data source	https://packetstormsecurity.com/files/download/148746/charlesproxy42-escalate.txt
id	PACKETSTORM:148746
last seen	2018-07-31
published	2018-07-30
reporter	Mark Wadham
source	https://packetstormsecurity.com/files/148746/Charles-Proxy-4.2-Local-Root-Privilege-Escalation.html
title	Charles Proxy 4.2 Local Root Privilege Escalation

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Packetstorm

References