Title: SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
Severity: HIGH
Description:
SSHKeychain is a freely available application for the Apple Mac OS X platform. It is designed to provide convenience functionality when dealing with SSH and SSH-Agent.
SSHKeychain is prone to a local privilege-escalation issue and an information-disclosure issue.
The privilege-escalation vulnerability resides in the 'SSHKeychain.app/Contents/Resources/TunnelRunner' binary. This executable is installed setuid-superuser by default. An unspecified flaw allows local users to execute arbitrary code with superuser-level privileges.
The information-disclosure vulnerability resides in the 'SSHKeychain.app/Contents/Resources/PassphraseRequester' binary. This executable is used to request SSH key passphrases from users. If passphrases have been stored in the Apple Keychain, attackers may retrieve them by interacting with the affected binary in an unspecified manner.
Successfully exploiting these issues allows local attackers to gain superuser-level privileges and to obtain passphrases used to unlock SSH keys. Exploiting these issues will facilitate the complete compromise of affected computers.
SSHKeychain 0.8.1 is vulnerable; prior versions may also be affected.
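A local audit for the setuid condition described above, as an added example that is not part of the original advisory or of SSHKeychain. It goes beyond the single binary by listing every setuid file shipped inside any .app bundle. The default scan root /Applications, the function names and the output format are assumptions of this example.

```shell
# Added example: list setuid executables shipped inside .app bundles.
# Output: one line per file, "<tag>\t<owner-uid>\t<path>".
#   tag = ADVISORY for the TunnelRunner path named in this advisory,
#         SETUID   for any other setuid file found inside a bundle.
# Owner uid 0 means the file runs with superuser privileges.
audit_bundle_setuid() {
    root=${1:-/Applications}   # assumed default install location
    find "$root" -type f -perm -4000 -path '*.app/Contents/*' -print 2>/dev/null |
    while IFS= read -r f; do
        # Numeric owner uid is field 3 of `ls -ln`.
        uid=$(ls -ln -- "$f" | awk '{print $3}')
        case $f in
            */SSHKeychain.app/Contents/Resources/TunnelRunner) tag=ADVISORY ;;
            *) tag=SETUID ;;
        esac
        printf '%s\t%s\t%s\n' "$tag" "$uid" "$f"
    done
}

# Exit status 0 when the advisory's TunnelRunner is present with the
# setuid bit set under the given root, non-zero otherwise.
sshkeychain_tunnelrunner_setuid() {
    audit_bundle_setuid "${1:-/Applications}" | grep -q '^ADVISORY'
}

# Usage: audit_bundle_setuid /Applications
#        sshkeychain_tunnelrunner_setuid "$HOME/Applications" && echo "setuid TunnelRunner found"
```

An ADVISORY line with owner uid 0 is the default-install condition this advisory describes.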
Affected Products:
- SSHKeychain SSHKeychain 0.8.1
References:
- Eric Warnke: [Users] SECURITY: root privilege escalation / trivial reveal of stored passwords
- SSHKeychain: SSHKeychain Home Page
- SSHKeychain: [Users] New version: 0.8.3 beta