[VS-2018-003] CactusVPN for MacOS Root Privilege Escalation Vulnerability | setuid
CVE ID
CVE-2018-7281
CVSS Score
Vendor
CactusVPN
Product
CactusVPN for MacOS < 5.3.6
Vulnerability Details
The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.
Vendor Response
CactusVPN has remediated the vulnerability.
Disclosure Timeline
- 02-16-2018 - Vendor contacted via Twitter
- 02-16-2018 - Vendor contacted via Facebook
- 02-16-2018 - Vendor response and disclosure
- 02-17-2018 - Vendor responded that team is working on update
- 02-20-2018 - VerSprite confirmed the ETA release of the patched sofware
- 02-20-2018 - Vendor sent patched software for validation
- 02-21-2018 - VerSprite validated the vulnerability had been fixed
- 02-21-2018 - Vendor notified of advisory release
Credit
Benjamin Watson of VerSprite Security (@rotlogix)