exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Atstake Security Advisory 04-02-10.1

Atstake Security Advisory 04-02-10.1
Posted Feb 11, 2004
Authored by Atstake, George Gal | Site atstake.com

Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2004-0115
SHA-256 | 957d7e39e1983bcf0c08476d79bf23df3df003fbce3396e952ea4e50e60e12a6

Atstake Security Advisory 04-02-10.1

Change Mirror Download

Hash: SHA1

@stake, Inc.

Security Advisory

Advisory Name: Virtual PC Services Insecure Temporary File Creation
Release Date: 02/10/2004
Application: Connectix Virtual PC 6.0.x
Microsoft Virtual PC 6.1
Platform: Mac OS X
Severity: Local privilege escalation
Author: George Gal <ggal@atstake.com>
Vendor Status: Vendor has updated version of the software
CVE Candidate: CAN-2004-0115
Reference: www.atstake.com/research/advisories/2004/a021004-1.txt


Virtual PC is a popular x86 virtual machine emulator capable running
several guest operating systems under the Mac OS X and Windows
platforms. Virtual PC provides a set of services for managing network
sharing capabilities under Mac OS X. These services are spawned from
the setuid root binary, VirtualPC_Services, which creats several
temporary files when it is executed. The VirtualPC_Services does not
check for several unsafe conditions prior to creation of these
temporary files. As a result an attacker with interactive login
access to the system may leverage insecure temporary files to become
root or overwrite critical system files.


@stake has identified a vulnerability within the setuid root binary,
VirtualPC_Services, due to its inability to check for dangerous
conditions prior to temporary file creation. This vulnerability
allows an attacker to truncate and overwrite arbitrary files in
addition to creation of arbitrary files with insecure file

Using this vulnerability it is feasible for an attacker to gain root
privileges on the system. The VirtualPC_Services binary creates a
log file upon startup as /tmp/VPCServices_Log. An attacker may
create a symbolic link in the /tmp/ directory as VPCServices_Log
pointing to an arbitrary file to be overwritten when the
VirtualPC_Services binary is executed. However, when the symbolic
link points to a non-existent file a new file is created with file
permissions determined by the unprivileged user's umask(2) settings.

Vendor Response:

Microsoft has an updated version of the software available.

Download information available at:



If possible install the updated version of Virtual PC.

Do not install Virtual PC on a multi-user machine. If this is a
requirement, only allow users with in a particular group to access
Virtual PC.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.


@stake Vulnerability Reporting Policy:

@stake Advisory Archive:

PGP Key:

Copyright 2004 @stake, Inc. All rights reserved.

Version: PGP 8.0.3

Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By