CNNVD-202602-2060 Information
CNNVD ID
CNNVD-202602-2060
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
Intego Log Reporter是Intego公司的一个日志收集和分析工具。 Intego Log Reporter存在安全漏洞,该漏洞源于以root权限执行的诊断脚本在/tmp中创建和写入文件时未强制执行安全目录处理,引入TOCTOU竞争条件,可能导致本地非特权用户通过基于符号链接的竞争条件实现任意文件写入和权限提升。
Description (English)
Intego Log Reporter is a log collection and analysis tool for Intego. Intego Log Reporter has a security loophole, which stems from the failure to enforce the security directory processing when a diagnostic script executed with root privileges is created and written in/tmp, and the introduction of the TOCTOU competitive conditions may lead local non-privileged users to achieve arbitrary document writing and authority enhancement through competitive conditions based on a symbol link.
Vulnerability Type
其他
Affected Vendor
Intego
Published
2026-02-12
Last Modified
2026-02-24
References
https://blog.quarkslab.com/intego_lpe_macos_1.html https://blog.quarkslab.com/resources/2026-02-10_intego_1/40945709530779-How-to-Use-the-Intego-Log-Reporter.pdf https://www.intego.com/ https://www.vulncheck.com/advisories/intego-log-reporter-toctou-local-privilege-escalation
Share on: