Apple Mac OS X Directory Services Passwd Privilege Escalation Vulnerabilities
An exploit is not required.
To exploit the first issue, the attacker executes the following:
umask 0;/usr/bin/passwd -i file -l <filename>
where <filename> is the path and name of another file on the system.
The following code is available to exploit the second issue: