<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: Mac OS X - malloc() local privilege escalation vulnerability.

Mac OS X - malloc() local privilege escalation vulnerability.

From: [ Suresec Advisories ] <advisories_at_suresec.org>
Date: Sun, 25 Sep 2005 22:34:26 +1000

Suresec Security Advisory - #00007

25/09/2005

Mac OS X - malloc() insecure use of environment variable.
Advisory: http://www.suresec.org/advisories/adv7.pdf

Description:

The malloc() function on Mac OS X insecurely trusts a debug variable,
regardless of the fact that the calling application may be suid root.

This can result in an arbitrary file being overwritten, which can be
used to escalate privileges.

This vulnerability was discovered by Ilja van Sprundel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 25 2005

This message: [ Message body ]
Next message: qobaiashi_at_gmx.net: "ContentServ features remote file disclosure"
Previous message: Maksymilian Arciemowicz: "GeSHi Local PHP file inclusion 1.0.7.2"
Next in thread: 3APA3A: "Re: Mac OS X - malloc() local privilege escalation vulnerability."
Reply: 3APA3A: "Re: Mac OS X - malloc() local privilege escalation vulnerability."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]