Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

[VS-2018-003] CactusVPN for MacOS Root Privilege Escalation Vulnerability | setuid

CVE ID

CVE-2018-7281

CVSS Score

Vendor

CactusVPN

Product

CactusVPN for MacOS < 5.3.6

Vulnerability Details

The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.

Vendor Response

CactusVPN has remediated the vulnerability.

Disclosure Timeline

  • 02-16-2018 - Vendor contacted via Twitter
  • 02-16-2018 - Vendor contacted via Facebook
  • 02-16-2018 - Vendor response and disclosure
  • 02-17-2018 - Vendor responded that team is working on update
  • 02-20-2018 - VerSprite confirmed the ETA release of the patched sofware
  • 02-20-2018 - Vendor sent patched software for validation
  • 02-21-2018 - VerSprite validated the vulnerability had been fixed
  • 02-21-2018 - Vendor notified of advisory release

Credit

Benjamin Watson of VerSprite Security (@rotlogix)