Penetration Testing mailing list archives
Re: Mac symlink attack techniques?
From: Jon Hart <jhart () spoofed org>
Date: Mon, 14 Apr 2008 19:54:48 -0700
On Mon, Apr 14, 2008 at 10:59:05AM +0200, Marco Ivaldi wrote:
Just a few hints off the top of my head. Specific to Mac OS X: http://www.milw0rm.com/exploits/2737 http://www.milw0rm.com/exploits/3386 Other platforms: http://www.0xdeadbeef.info/exploits/raptor_libnspr2 http://www.0xdeadbeef.info/exploits/raptor_libnspr3 http://www.0xdeadbeef.info/exploits/raptor_prctl2.c http://www.milw0rm.com/exploits/792
Thanks. The Mac OS X examples you gave were exactly what I needed. It has been a while since I've had to exploit race conditions on a Mac so my brain was a bit rusty in that respect. I guess the reality here is that the particular conditions in play here are really no different than they would be on a box other than a Mac. cron is a great way of taking advantage of this particular situation. Without being able to take advantage of this particular flaw, the remainder of the flaws in this particular application only lead to gaining the privileges of another user, not root. Those could be further exploited but I'm a fan of instant gratification. Cheers, -jon ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Mac symlink attack techniques? Jon Hart (Apr 11)
- Re: Mac symlink attack techniques? don bailey (Apr 12)
- Re: Mac symlink attack techniques? Paul Melson (Apr 12)
- Re: Mac symlink attack techniques? Jon Hart (Apr 14)
- Re: Mac symlink attack techniques? Marco Ivaldi (Apr 14)
- Re: Mac symlink attack techniques? Jon Hart (Apr 16)