CVE-2017-16928
N/A
N/A
Summary
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/43925/
- http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html
- https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup–510.html
References
- https://www.exploit-db.com/exploits/43925/
- http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html
- https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup–510.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.