Full Disclosure mailing list archives
Re: OS X Local Root Exploit for Viscosity OpenVPN Client
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Mon, 13 Aug 2012 18:04:47 +0200
On Mon, Aug 13, 2012 at 6:02 PM, Richard Miles <richard.k.miles () googlemail com> wrote:
Thanks for fast reply. I'm still unsure if I understood properly.
Please reply on list.
Yes, it does exist. When you run Viscosity for the first time, it makes that file SUID.So, you only have one chance to exploit it? Just before the first execution?
No. You have infinite chances, after first execution.
I really don't understand the attack, can you please explain it in details or point me to some reference that explain similar attack in details for other product?
http://en.wikipedia.org/wiki/Setuid
Thanks.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 12)
- Message not available
- Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 13)
- Message not available
- Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 13)
- Re: OS X Local Root Exploit for Viscosity OpenVPN Client Jason A. Donenfeld (Aug 13)
- Message not available