Month of Apple Bugs - Exploit for a vulnerability in the handling of BOM files by the DiskManagement/diskutil that allows the setting of rogue permissions on the filesystem. This can be used to execute arbitrary code and escalate privileges. One of two exploits.
9ff09c4c31ae71fb68fb87e214f17eb7e955b0cbe68a242d876ba38452f4a223Month Of Apple Bugs - A vulnerability in the handling of Apple DiskManagement BOM files allows to set rogue permissions on the filesystem via the 'diskutil' tool. This can be used to execute arbitrary code and escalate privileges. A malicious user could create a BOM declaring new permissions for specific filesystem locations (ex. binaries, cron and log directories, etc). Once 'diskutil' runs a permission repair operation the rogue permissions would be set, allowing to plant a backdoor, overwrite resources or simply gain root privileges.
c25666ddbe5ff06c32ae1027a19af259bbc8f98431a50aaf19f02ff9168bb9ecMonth Of Apple Bugs - A vulnerability in the handling of the HREFTrack field in Apple QuickTime allows cross-zone scripting, leading to potential remote arbitrary code execution.
82e3af040fcc4e61d05647eb0b0db44301d563a10028b396f5a1ff378299df69Month Of Apple Bugs - A vulnerability in the handling of the udp:// URL handler for the VLC Media Player allows remote arbitrary code execution. This is just a vanilla format string exploit for OSX on ppc.
eee494f2f67e54b963758dd0fa93937a50e35597b8d00f31b63f7f421bb37406Month Of Apple Bugs - A vulnerability in the handling of the udp:// URL handler for the VLC Media Player allows remote arbitrary code execution. This exploit will create a malicious .m3u file that will cause VLC Player for OSX to execute arbitrary code.
4a8563fe447682266c5981ff8f4f4eb1e3e5a7ac789b3d0b1ce506d8981cf777Month Of Apple Bugs - Apple Quicktime stack buffer overflow exploit that makes use of the rtsp URL Handler vulnerability.
d599dfe435a136f896e1f7fd01b079a21a224eedd8616619700a2c3b1a2ac617Denial of service exploit for Mac OS X that demonstrates a failure to properly handle corrupted UDTO HFS+ image structures (ex. bad sectors). Memory corruption is present but is unlikely to allow for arbitrary code execution.
77c282215b05a90062a750e7665e4b67a076420028accebdd30a6844a364c287This Metasploit module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Beacon frame is received that contains a long Rates information element. This exploit was tested with version 1.0.1.41 of the A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer versions of the A5AGU.SYS driver are provided with the D-Link WUA-2340 adapter and appear to resolve this flaw, but D-Link does not offer an updated driver for the DWL-G132. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:11:95:f2:XX:XX.
5245f37a2a49581c658dd9bdd9e766576bf78b633852da860acdc8bc666fa469The following filesystem image can be used to reproduce a bug in the Linux 2.6.x kernel series where the squashfs module fails to properly handle corrupted fs structures.
f337411fbf013fec85bd13c5967cf84b4caf4c76666720c6e4c5f1939b19682eThe squashfs module of the Linux kernel (2.6.x) fails to properly handle corrupted fs structures, leading to a denial of service and possible data corruption condition. A specially crafted squashfs image will cause the kernel to double free a buffer when a read operation is performed on the corrupted filesystem.
0a6585bdbc0b323d023295ab9da54496bd158cf3d1d1543ad1c7891cb75ac383fsfuzzer (0.6-lmh): This is a filesystem fuzzer. This tool creates initial (valid) filesystem images and then manipulates their binary format and structure for detecting flaws/bugs/design problems in the parsing/handling code for that particular filesystem. Expects a /media directory and some base tools (util-linux, etc) as well as support for some filesystems in the kernel (fortunately it will add the filesystems that are supported on your system, if it finds the necessary tools available).
92f98b9deaa72c4d86a635c40039aa5d0b2567e49e623d4120f4ec8f374f15a6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed