CVE-2017-16928
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2018
Last modified:
17/06/2026
Description
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:haystacksoftware:arq:*:*:*:*:*:*:*:* | 5.10 (including) | |
| cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html
- https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html
- https://www.exploit-db.com/exploits/43925/
- http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html
- https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html
- https://www.exploit-db.com/exploits/43925/



