
[Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.



Suresec Security Advisory - #00007

25/09/2005



Mac OS X - malloc() insecure use of environment variable.
Advisory: http://www.suresec.org/advisories/adv7.pdf

Description:

The malloc() function on Mac OS X insecurely trusts a debug environment variable, even if the calling application is suid root.

This can result in an arbitrary file being overwritten, which can be used to escalate privileges.

This vulnerability was discovered by Ilja van Sprundel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
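
A defensive sketch of the check this class of bug lacks, added here as an example; it is not code from the advisory or from Apple's malloc(). The variable name `EXAMPLE_ALLOC_DEBUG_LOG`, the function names, and the assumption that the variable holds a log file path are all hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical variable name: the advisory does not name the real one. */
#define DEBUG_LOG_ENV "EXAMPLE_ALLOC_DEBUG_LOG"

/* Nonzero when real and effective ids differ, i.e. a set-uid or set-gid
 * program is running on behalf of a less privileged caller. */
int running_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid) {
    return ruid != euid || rgid != egid;
}

/* The caller-controlled path is returned only to an unprivileged process. */
const char *trusted_debug_path(int privileged) {
    const char *path;
    if (privileged)
        return NULL;
    path = getenv(DEBUG_LOG_ENV);
    return (path && *path) ? path : NULL;
}

/* O_CREAT|O_EXCL refuses any existing file, so nothing is overwritten;
 * O_NOFOLLOW refuses a symlink planted at the final path component. */
int open_debug_log(const char *path) {
    if (path == NULL)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* What a library initializer would call instead of a bare getenv()+open(). */
int debug_log_fd(void) {
    int priv = running_privileged(getuid(), geteuid(), getgid(), getegid());
    return open_debug_log(trusted_debug_path(priv));
}

int main(void) {
    int fd = debug_log_fd();
    printf("debug log fd: %d\n", fd);
    if (fd >= 0)
        close(fd);
    return 0;
}
```

The id comparison misses a set-uid program that has already equalized its ids; `issetugid()` on Mac OS X and the BSDs, or `secure_getenv()` on glibc, cover that case.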