funsec mailing list archives

Mac OS X: "/usr/bin/passwd" Binary Local Privilege Escalation (root) E xploit

From: "Fergie" <fergdawg () netzero net>
Date: Thu, 2 Mar 2006 02:12:33 GMT

Not sure what to make of this -- not being an OS X user, but while
the exploit is rated 'moderate', the vulnerability which it refers to
is rated as 'critical'.

Exploit:
http://www.frsirt.com/exploits/20060301.xosx-passwd.pl.php

Referenced vulnerability:
http://www.frsirt.com/english/advisories/2006/0791

That would make it a 0-day, regardless.

FYI,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Mac OS X: "/usr/bin/passwd" Binary Local Privilege Escalation (root) E xploit Fergie (Mar 01)