Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

[VS-2018-001] Shimo VPN Client for MacOS Root Privilege Escalation Vulnerability

CVE ID

CVE-2018-6823

CVSS Score

https://nvd.nist.gov/vuln/detail/CVE-2018-6823

Vendor

Mailbutler GmbH

Product

Shimo for MacOS < 4.1.5.1

Vulnerability Details

The Shimo VPN Client's com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

Exploit

https://github.com/VerSprite/research/tree/master/exploits/VS-2018-001

Vendor Response

Mailbutler GmbH responded stating their developer would review.

Disclosure Timeline

  • 01-29-2018 - Contacted Shimno Support
  • 01-29-2018 - Contacted Mailbutler GmbH at support@mailbutler.io
  • 01-29-2018 - Received automated response from support system
  • 02-02-2018 - No response Shimno Support
  • 02-02-2018 - No response Mailbutler GmbH
  • 02-07-2018 - Advisory released
  • 02-09-2018 - Mailbutler GmbH response

Credit

Benjamin Watson of VerSprite Security (@rotlogix)