Vulnerability Description
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.5.0 |
Related Weaknesses (CWE)
References
- http://www.coresecurity.com/content/apple-osx-sandbox-bypassExploit
- https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-0Exploit
- http://www.coresecurity.com/content/apple-osx-sandbox-bypassExploit
- https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-0Exploit
FAQ
What is CVE-2008-7303?
CVE-2008-7303 is a vulnerability with a CVSS score of 7.6 (HIGH). The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted appli...
How severe is CVE-2008-7303?
CVE-2008-7303 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7303?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.