Re: Mac symlink attack techniques?
- From: Jon Hart <jhart@xxxxxxxxxxx>
- Date: Mon, 14 Apr 2008 19:54:48 -0700
On Mon, Apr 14, 2008 at 10:59:05AM +0200, Marco Ivaldi wrote:
Just a few hints off the top of my head. Specific to Mac OS X:
http://www.milw0rm.com/exploits/2737
http://www.milw0rm.com/exploits/3386
Other platforms:
http://www.0xdeadbeef.info/exploits/raptor_libnspr2
http://www.0xdeadbeef.info/exploits/raptor_libnspr3
http://www.0xdeadbeef.info/exploits/raptor_prctl2.c
http://www.milw0rm.com/exploits/792
Thanks. The Mac OS X examples you gave were exactly what I needed. It
has been a while since I've had to exploit race conditions on a Mac so
my brain was a bit rusty in that respect. I guess the reality here is
that the particular conditions in play here are really no different than
they would be on a box other than a Mac.
cron is a great way of taking advantage of this particular situation.
Without being able to take advantage of this particular flaw, the
remainder of the flaws in this particular application only lead to
gaining the privileges of another user, not root. Those could be
further exploited but I'm a fan of instant gratification.
Cheers,
-jon
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- Mac symlink attack techniques?
- From: Jon Hart
- Re: Mac symlink attack techniques?
- From: Marco Ivaldi
- Mac symlink attack techniques?
- Prev by Date: Re: get MD5-Hash from /etc/shadow file
- Next by Date: Re: Check if addresses from AS in a black list
- Previous by thread: Re: Mac symlink attack techniques?
- Next by thread: DEF CON 16 Retro Announcement! Back to Bang!
- Index(es):
Relevant Pages
|
Loading
