Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:5A2B8BE492460005E2B67FB7305B1795
HistoryOct 15, 2015 - 12:00 a.m.

Mac OS X rsh Environment Variables Privilege Elevation

2015-10-1500:00:00
SAINT Corporation
www.saintcorporation.com
20

0.0005 Low

EPSS

Percentile

14.4%

JSON

Added: 10/15/2015
CVE: CVE-2015-5889

Background

The **remote_cmds** component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network.

Problem

The rsh binary in the remote_cmds component of Mac OS X versions prior to 10.11 allows an unprivileged user to gain root access by using specially crafted environment variables when using rsh.

Resolution

Upgrade to Apple Mac OS X El Capitan v10.11 or higher.

References

<https://support.apple.com/en-us/HT205267&gt;

Limitations

Exploit works on Mac OS X 10.9.5 and 10.10.5 and requires an existing unprivileged shell connection to the target.

If the exploit succeeds, the **/etc/crontab** and **/etc/sudoers** files should be cleaned up on the target.

Platforms

Mac OS X

Related

threatpost 1
saint 3
prion 1
canvas 1
zdt 3
packetstorm 2
exploitpack 1
cve 1
exploitdb 1
kitploit 1
openvas 1
securityvulns 2
nessus 1
threatpost
threatpost
Mac, Linux Users Now Targeted by FinSpy Variants
2020-09-28 19:09:34
saint
saint
Mac OS X rsh Environment Variables Privilege Elevation
2015-10-15 00:00:00
Mac OS X rsh Environment Variables Privilege Elevation
2015-10-15 00:00:00
Mac OS X rsh Environment Variables Privilege Elevation
2015-10-15 00:00:00
prion
prion
Code injection
2015-10-09 05:59:00
canvas
canvas
Immunity Canvas: OSX_RSH_LIBMALLOC
2015-10-09 05:59:00
zdt
zdt
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
2015-10-01 00:00:00
issetugid() + rsh + libmalloc OS X Local Root Exploit
2015-10-03 00:00:00
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation Exploit
2015-10-27 00:00:00
packetstorm
packetstorm
Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation
2015-10-27 00:00:00
issetugid() + rsh + libmalloc OS X Local Root
2015-10-03 00:00:00
exploitpack
exploitpack
Apple Mac OSX 10.9.510.10.5 - rshlibmalloc Local Privilege Escalation
2015-10-01 00:00:00
cve
cve
CVE-2015-5889
2015-10-09 05:59:00
exploitdb
exploitdb
Apple Mac OSX 10.9.5/10.10.5 - &#039;rsh/libmalloc&#039; Local Privilege Escalation
2015-10-01 00:00:00
kitploit
kitploit
rootOS - macOS Root Helper
2019-03-09 20:25:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-02 (Oct 2015)
2015-10-29 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
2015-10-25 00:00:00
nessus
nessus
Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)
2015-10-05 00:00:00

0.0005 Low

EPSS

Percentile

14.4%

JSON
Related for SAINT:5A2B8BE492460005E2B67FB7305B1795
threatpost1saint3prion1canvas1zdt3packetstorm2exploitpack1cve1exploitdb1kitploit1openvas1securityvulns2nessus1