01 september, 2005
Macintosh versions of the Macromedia installers and e-licensing client install a service whose file permissions allow "other" users to write to the file. This may allow one local user to obtain the permissions of another local user (including an admin user). This leads to a threat typically classified as "Privilege Escalation."
This potential vulnerability only affects products installed on machines with multiple users. Further, it does not appear to be a threat under typical installation of Macromedia products where the computer’s only user is already considered the administrator.
Solution
A patch can be downloaded from the Macromedia website to protect users of current versions of Macromedia products.
http://www.macromedia.com/support/service/ts/documents/activation_loop.htm
Alternatively, a work-around is described in the "Making the changes" section of this bulletin.
Affected Software Versions
All supported Macintosh versions of Macromedia MX 2004 products as well as Contribute 2 may be affected.
Severity Rating
Macromedia categorizes this issue as a Moderate update and recommends that administrators of systems supporting multiple users apply the patch located here.
Details
Macintosh OS X versions of the Macromedia installers and e-licensing client install the 'AuthenticationService' as an SUID service whose file permissions allow "other" users to write to the file. By default, these permissions allow the code in the service to be changed by any local user. In the event of modification by any non-admin user, the operating system removes the SUID property.
The current behavior of Macromedia products using this service mitigates all known attack vectors. All current Macromedia products detect the file change, refuse to execute the modified service, and re-install the original, unmodified binary. Therefore, a successful exploitation requires the attacker to cause another user to execute the service independent of any Macromedia product.
If the AuthenticationService file is manually deleted, a re-application of the patch may be required.
Making the Changes
With an admin account and password, permissions on the file can be manually changed to resolve this problem.
Activate a Terminal session and type in the following command.
sudo chmod 4775 "/Library/Application Support/Macrovision/AuthenticationService"
Enter your admin user password at the prompt and then the command will run and set the permissions on the file.