BugTraq
InsomniaX loader allows loading of arbitrary Kernel Extensions Jul 02 2017 08:18AM
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------

Yorick Koster, April 2017

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

It was found that the loader application bundled with InsomniaX can be
used to load arbitrary Kernel Extensions (kext). The loader is normally
used to load a kext file that is needed to disable the Lid Sleep. A flaw
has been found in the loader that allows a local attacker to load (or
unload) any arbitrary kext file.

------------------------------------------------------------------------

See also
------------------------------------------------------------------------

- http://semaja2.net/2017/06/insomniax-security-notice/
- http://semaja2.net/2017/06/thank-you-and-farewell-for-now/

------------------------------------------------------------------------

Tested versions
------------------------------------------------------------------------

This issue was successfully verified on InsomniaX version 2.1.8.

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

There is currently no fix available. The author of InsomniaX reports
that InsomniaX is no longer supported. As a workaround, remove the
setuid bit from the loader file. Doing so will prevent users from
disabling the Lid Sleep.

sudo chmod u-s /Applications/InsomniaX.app/Contents/Resources/loader

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://www.securify.nl/advisory/SFY20170405/insomniax-loader-allows-loa
ding-of-arbitrary-kernel-extensions.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus