Added: 10/15/2015
CVE: CVE-2015-5889
The **remote_cmds**
component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network.
The rsh binary in the remote_cmds component of Mac OS X versions prior to 10.11 allows an unprivileged user to gain root access by using specially crafted environment variables when using rsh.
Upgrade to Apple Mac OS X El Capitan v10.11 or higher.
<https://support.apple.com/en-us/HT205267>
Exploit works on Mac OS X 10.9.5 and 10.10.5 and requires an existing unprivileged shell connection to the target.
If the exploit succeeds, the **/etc/crontab**
and **/etc/sudoers**
files should be cleaned up on the target.
Mac OS X