Tyler Bohan of Cisco Talos discovered these vulnerabilities.
Executive summary
The MacOS version of Pixar Renderman contains three local vulnerabilities in its install helper tool. An attacker could exploit these bugs to escalate their privileges to root.
Renderman is a rendering application used in animation and film production produced by Pixar, a well-known film studio. When installing the application, a helper tool is installed and launched as root. This service continues to listen even after installation is complete. These vulnerabilities lie in the `Dispatch` function of this helper tool.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Pixar to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
Pixar Renderman install helper privilege escalation vulnerability (TALOS-2018-0728/CVE-2018-4054)
The MacOS version of Pixar Renderman contains a privilege escalation vulnerability in its install helper. The `Dispatch` function’s caller is not checked and is therefore exposed to any user. An attacker with local access to the victim machine could then escalate their privileges to root. In order to exploit this flaw, the attacker would also need to run a specific Python script and command.
For more information on this vulnerability, read the complete advisory here.
Pixar Renderman install helper arbitrary file read privilege escalation vulnerability (TALOS-2018-0729/CVE-2018-4055)
A privilege escalation vulnerability exists in the MacOS version of Pixar Renderman’s install helper’s `Dispatch` function. The caller of this function is not checked, and the function is exposed to any user. An attacker with local access to the victim machine could use this vulnerability to read any root file from the file system.
For more information on this vulnerability, read the complete advisory here.
Pixar Renderman install helper privilege escalation vulnerability (TALOS-2019-0773/CVE-2019-5015)
A local privilege escalation vulnerability exists in the Pixar Renderman Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit.
For more information on this vulnerability, read the complete advisory here.
Versions tested
Talos tested and confirmed that TALOS-2018-0728 and TALOS-2018-0729 affect Pixar Renderman, version 22.2.0. TALOS-2019-0773 affects version 22.3.0. These vulnerabilities only affect the macOS version of these products.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 48450 - 48453, 49088, 49089