Root Privilege Escalation | setuid
CactusVPN for MacOS < 5.3.6
The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a
system() call, thus allowing low privileged users to execute commands as root.
CactusVPN has remediated the vulnerability.
02-16-2018 - Vendor contacted via Twitter 02-16-2018 - Vendor contacted via Facebook 02-16-2018 - Vendor response and disclosure 02-17-2018 - Vendor responded that team is working on update 02-20-2018 - VerSprite confirmed the ETA release of the patched sofware 02-20-2018 - Vendor sent patched software for validation 02-21-2018 - VerSprite validated the vulnerability had been fixed 02-21-2018 - Vendor notified of advisory release
Offensive Minded Security Exploit Development