what you don't know can hurt you

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

CVE-2015-5889

Status Candidate

Overview

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.

Related Files

Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation: Posted Oct 27, 2015; Authored by rebel, shandelman116 | Site metasploit.com; This Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).; tags | exploit, root; systems | apple, osx; advisories | CVE-2015-5889; SHA-256 | 1959cf26f98a303dd73293b46328a6156cc9e858b22283d3803da877cf76e849; Download | Favorite | View

issetugid() + rsh + libmalloc OS X Local Root: Posted Oct 3, 2015; Authored by Philip Pettersson; The default root-suid binary /usr/bin/rsh on Mac OS X uses execv() in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then passed on to rlogin and interpreted by libmalloc to create a root-owned file with partially controlled contents at /etc/crontab which gives a rootshell via sudo. Tested on 10.9.5 / 10.10.5 but it most likely works on much older versions too.; tags | exploit, root; systems | apple, osx; advisories | CVE-2015-5889; SHA-256 | 57369dae3073aa171e586034196b70f67cf18695ca619dddcbe2f77bfce377a9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 268 files
indoushka 153 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
Gentoo 33 files
H D Moore 31 files
Debian 29 files

File Tags

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,116)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,039)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,710)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,802)
UNIX (9,448)
UnixWare (187)
Windows (6,762)
Other

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec