Re: [Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 09/26/05

    Date: Mon, 26 Sep 2005 20:02:46 +0400
    To: [ Suresec Advisories ] <advisories@suresec.org>
    
    

    Dear [ Suresec Advisories ],

    Well... another reason not to write messages in HTML - the link
    points to adv6.pdf instead of adv7.pdf while the text is correct. Let
    readers choose the font and colors to read your message, write it in
    plain text.

    -- 
    ~/ZARAZA
    http://www.security.nnov.ru/
    --Sunday, September 25, 2005, 4:34:26 PM, you wrote to full-disclosure@lists.grok.org.uk:
    SA> Suresec Security Advisory - #00007 
    SA> 25/09/2005
    SA> Mac OS X - malloc() insecure use of environment variable.
    SA>  Advisory: http://www.suresec.org/advisories/adv7.pdf 
    SA> Description: 
    SA> The malloc() function on Mac OS X insecurely trusts a debug
    SA> variable, regardless of the fact that the calling application may be
    SA> suid root.
    SA> This can result in an arbitrary file being overwritten, which
    SA> can be used to escalate privileges.  
    SA> This vulnerability was discovered by Ilja van Sprundel. 
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
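
The quoted advisory describes a library routine that honours a debug environment variable even when the calling program is suid root. The following is an added example, not code from the advisory, from Apple or from this thread, showing the defensive pattern for that bug class: ignore the variable when real and effective IDs differ, and never follow a symlink or truncate when opening the log. The variable name `EXAMPLE_ALLOC_LOGFILE` and all function names are hypothetical; the page does not name the real variable.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical variable name (assumption): the page does not name the real one. */
#define DEBUG_LOG_ENV "EXAMPLE_ALLOC_LOGFILE"

/* A set-uid or set-gid program runs with effective IDs that differ from the real ones. */
int runs_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Return the debug log path from the environment, or NULL when it must be
 * ignored because the invoking user controls it and the process is privileged. */
const char *trusted_debug_log_path(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (runs_elevated(ruid, euid, rgid, egid))
        return NULL;
    const char *p = getenv(DEBUG_LOG_ENV);
    return (p && *p) ? p : NULL;
}

/* Open the log, or return -1. O_NOFOLLOW refuses a symlink as the final path
 * component; O_APPEND without O_TRUNC never clobbers existing content. */
int open_debug_log(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    const char *path = trusted_debug_log_path(ruid, euid, rgid, egid);
    if (!path)
        return -1;
    return open(path,
                O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void)
{
    static const char msg[] = "debug logging enabled\n";
    int rc = 0;
    int fd = open_debug_log(getuid(), geteuid(), getgid(), getegid());
    if (fd >= 0) {
        rc = write(fd, msg, sizeof msg - 1) < 0;
        close(fd);
    }
    return rc;
}
```

The IDs are passed as parameters so the decision can be exercised without installing a suid binary. A program that changes its IDs after startup needs a check that remembers the original state, such as `issetugid()` on BSD-derived systems.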
    
