Allele Security Alert
ASA-2018-00043
Identifier(s)
ASA-2018-00043, CVE-2018-18860
Title
Excessive permissions for application configuration allow privilege escalation
Vendor(s)
SwitchVPN
Product(s)
SwitchVPN for macOS
Affected version(s)
SwitchVPN 2.1012.03
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
After installation or an update, the script “fix_permissions.sh” is run by the application. This script changes the owner of the main application binaries to root and sets them to world-writable. Additionally, the SUID bit is set for another sensitive binary in the application folder. This configuration makes it very easy to escalate privileges to root.
The script /Applications/SwitchVPN/SwitchVPN.app/Contents/MacOS/SwitchVPN_GUI is world-writable after installation or an update and is later executed by a privileged process. Because the file is world-writable, an attacker can overwrite its contents and escalate privileges.
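A read-only check for the condition described above, as an added example that is not part of the original alert or the vendor's code: it lists world-writable files and SUID files under an application bundle. The function names and the sample tree are constructed for illustration, and the check also flags world-writable directories, which goes beyond the files named in the alert.

```shell
#!/bin/sh
# Added example: audit an application bundle for the permission pattern
# described in this alert. It only reads metadata and changes nothing.

# audit_bundle DIR
# Prints one finding per line as "<KIND> <path>".
# Returns 0 if the tree is clean, 1 if findings exist, 2 on a bad argument.
audit_bundle() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit_bundle: not a directory: $dir" >&2
        return 2
    fi
    report=$(
        # Files any local user can overwrite.
        find "$dir" -type f -perm -0002 -print | sed 's/^/WORLD-WRITABLE-FILE /'
        # Directories any local user can add or replace entries in.
        find "$dir" -type d -perm -0002 -print | sed 's/^/WORLD-WRITABLE-DIR /'
        # Files that run with their owner's privileges.
        find "$dir" -type f -perm -4000 -print | sed 's/^/SUID /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# make_sample_tree
# Builds a constructed bundle layout (not the real product) that reproduces
# the pattern, and prints its path. Call it as $(make_sample_tree) so the
# umask change stays inside the subshell.
make_sample_tree() {
    umask 022
    t=$(mktemp -d)
    m="$t/Sample.app/Contents/MacOS"
    mkdir -p "$m"
    : > "$m/gui_script"; chmod 0777 "$m/gui_script"   # world-writable
    : > "$m/helper";     chmod 4755 "$m/helper"       # SUID bit set
    : > "$m/ok_binary";  chmod 0755 "$m/ok_binary"    # no finding expected
    echo "$t/Sample.app"
}

# Usage: sh audit.sh /Applications/SwitchVPN/SwitchVPN.app
if [ "$#" -gt 0 ]; then
    audit_bundle "$1"
fi
```

A non-zero exit status makes the check usable after every install or update, which is when the alert says the permissions are changed.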
Technical details
Unknown
Credits
Bernd Leitner
Reference(s)
SwitchVPN MacOS Privilege Escalation Vulnerability
https://seclists.org/fulldisclosure/2018/Nov/38
CVE-2018-18860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18860
CVE-2018-18860
https://nvd.nist.gov/vuln/detail/CVE-2018-18860
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 6, 2019