[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.

To: "[ Suresec Advisories ]" <advisories@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Mon, 26 Sep 2005 20:02:46 +0400

Dear [ Suresec Advisories ],

Well...  another  one reason to do not write messages in HTML - the link
points  to  adv6.pdf  instead of adv7.pdf while the text is correct. Let
readers  to  choose  font  and  colors to read your message, write it in
plain text.

-- 
~/ZARAZA
http://www.security.nnov.ru/

--Sunday, September 25, 2005, 4:34:26 PM, you wrote to 
full-disclosure@xxxxxxxxxxxxxxxxx:

SA> Suresec Security Advisory - #00007 

SA> 25/09/2005





SA> Mac OS X - malloc() insecure use of environment variable.
SA>  Advisory: http://www.suresec.org/advisories/adv7.pdf ;

SA> Description: 

SA> The malloc() function on Mac OS X insecurely trusts a debug
SA> variable, regardless of the fact that the calling application may be
SA> suid root.

SA> This can result in an arbitrary file being overwritten, which
SA> can be used to escalate privileges.  

SA> This vulnerability was discovered by Ilja van Sprundel. 







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.
  - From: [ Suresec Advisories ]

Prev by Date: Re: [Full-disclosure] RE: CORE-Impact license bypass (c0ntex)
Next by Date: [Full-disclosure] Retrieve info in Protected Storage of other users
Previous by thread: [Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.
Next by thread: [Full-disclosure] ContentServ features remote file disclosure
Index(es):
- Date
- Thread