Difference between revisions of "Timezone Vulnerability"

From The iPhone Wiki
m (reference to evasi0n)
(reference CVE-2013-0979)
Line 1: Line 1:
 
According the the Accuvant Labs analysis, sending [[lockdownd]] a malformed [[PairRequest]] command causes [[lockdownd]] to change the permissions like <code>chmod 777 file</code> making it accessible to mobile (and all users). It isn't clear whether this vulnerability is in [[lockdownd]] or in an underlying library or framework, so more analysis of this vulnerability is necessary.
 
According the the Accuvant Labs analysis, sending [[lockdownd]] a malformed [[PairRequest]] command causes [[lockdownd]] to change the permissions like <code>chmod 777 file</code> making it accessible to mobile (and all users). It isn't clear whether this vulnerability is in [[lockdownd]] or in an underlying library or framework, so more analysis of this vulnerability is necessary.
  +
  +
This vulnerability (or together with [Symbolic Link Vulnerability]?) is CVE-2013-0979.
  +
  +
Apple's description in the iOS 6.1.3 security fixes:
  +
  +
<cite>
  +
'''Lockdown'''<br/>
  +
Impact: A local user may be able to change permissions on arbitrary files<br/>
  +
Description: When restoring from backup, [[lockdownd]] changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
  +
</cite>
   
 
== Usage ==
 
== Usage ==
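Review bot: the added CVE sentence links the related page with single brackets, `[Symbolic Link Vulnerability]`, which renders as literal bracketed text rather than a wikilink; use `[[Symbolic Link Vulnerability]]`, as the See Also addition in the next hunk does. The parenthetical question also leaves it open which page CVE-2013-0979 belongs to, so a plain statement of that uncertainty would read better than "(or together with ...?)". The unchanged opening line of this paragraph still reads "According the the" and could be fixed in the same edit.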
Line 6: Line 16:
 
== Credits ==
 
== Credits ==
 
* probably [[pimskeks]]
 
* probably [[pimskeks]]
  +
  +
== See Also ==
  +
* [[Symbolic Link Vulnerability]]
   
 
== References ==
 
== References ==
 
* [http://blog.accuvantlabs.com/blog/bthomas/evasi0n-jailbreaks-userland-component Accuvant Labs analysis of evasi0n]
 
* [http://blog.accuvantlabs.com/blog/bthomas/evasi0n-jailbreaks-userland-component Accuvant Labs analysis of evasi0n]
  +
* [http://support.apple.com/kb/HT5704 Apple's iOS 6.1.3 security fixes]
  +
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0979 NIST Reference CVE-2013-0979]
  +
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979 Mitre Reference CVE-2013-0979]
   
 
[[Category:Exploits]]
 
[[Category:Exploits]]

Revision as of 22:52, 6 April 2013

According to the Accuvant Labs analysis, sending lockdownd a malformed PairRequest command causes lockdownd to change a file's permissions, as if by chmod 777 file, making the file accessible to mobile (and all users). It isn't clear whether this vulnerability is in lockdownd or in an underlying library or framework, so more analysis of this vulnerability is necessary.

This vulnerability (or possibly this one together with the Symbolic Link Vulnerability) is CVE-2013-0979.

Apple's description in the iOS 6.1.3 security fixes:

Lockdown
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
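
The fix Apple describes, refusing to change permissions when any component of the path is a symlink, sketched as an added example; it is not lockdownd's or Apple's code. The names `chmod_nosymlink` and `demo` and the fixture layout are hypothetical, and the walk assumes the caller can read every directory on the path.

```c
/* Added example (not lockdownd code): chmod that refuses symlinked paths. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk rel under rootfd one component at a time; return 0, or -1 if refused. */
int chmod_nosymlink(int rootfd, const char *rel, mode_t mode)
{
    char buf[PATH_MAX], *save = NULL;
    if (!rel[0] || rel[0] == '/' || strlen(rel) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, rel);
    int cur = dup(rootfd);
    if (cur < 0) return -1;
    for (char *c = strtok_r(buf, "/", &save), *next; c; c = next) {
        next = strtok_r(NULL, "/", &save);
        if (!strcmp(c, "..")) { close(cur); errno = EINVAL; return -1; }
        /* O_NOFOLLOW: the open fails if this component is a symlink */
        int fd = openat(cur, c, O_RDONLY | O_NOFOLLOW | (next ? O_DIRECTORY : O_NONBLOCK));
        close(cur);
        if (fd < 0) return -1;
        cur = fd;
    }
    int rc = fchmod(cur, mode);   /* acts on the opened object, not a re-resolved name */
    close(cur);
    return rc;
}

/* Constructed fixture: real/f, link -> real, flink -> real/f, under a temp dir. */
int demo(void)
{
    char tmpl[] = "/tmp/nosymXXXXXX";
    struct stat st;
    if (!mkdtemp(tmpl) || chdir(tmpl)) return -1;
    int root = open(".", O_RDONLY | O_DIRECTORY);
    if (root < 0 || mkdir("real", 0700) || symlink("real", "link") || symlink("real/f", "flink")) return -1;
    close(open("real/f", O_CREAT | O_WRONLY, 0644));
    int ok = chmod_nosymlink(root, "real/f", 0600) == 0;       /* clean path: allowed */
    ok |= (chmod_nosymlink(root, "link/f", 0777) == -1) << 1;  /* symlinked directory */
    ok |= (chmod_nosymlink(root, "flink", 0777) == -1) << 2;   /* symlinked final component */
    ok |= (stat("real/f", &st) == 0 && (st.st_mode & 0777) == 0600) << 3; /* never 0777 */
    close(root);
    return ok;
}

int main(void) { return demo() == 15 ? 0 : 1; }
```

Because the mode change is applied with `fchmod` to the descriptor that was opened, a path component swapped for a symlink after the walk cannot redirect it.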

Usage

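Credits

* probably pimskeks

See Also

* Symbolic Link Vulnerability

References

* Accuvant Labs analysis of evasi0n: http://blog.accuvantlabs.com/blog/bthomas/evasi0n-jailbreaks-userland-component
* Apple's iOS 6.1.3 security fixes: http://support.apple.com/kb/HT5704
* NIST Reference CVE-2013-0979: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0979
* Mitre Reference CVE-2013-0979: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979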