MOAB-05-01-2007: Apple DiskManagement BOM Local Privilege Escalation Vulnerability
A vulnerability in the handling of BOM files allows rogue permissions to be set on the filesystem via the 'diskutil' tool. This can be used to execute arbitrary code and escalate privileges. A malicious user could create a BOM declaring new permissions for specific filesystem locations (e.g. binaries, cron and log directories). Once 'diskutil' runs a permission repair operation, the rogue permissions are applied, allowing the attacker to plant a backdoor, overwrite resources or simply gain root privileges.
For further information:
Apple DiskManagement BOM Local Privilege Escalation Vulnerability
Exploits:
MOAB-05-01-2007.rb and MOAB-05-01-2007_cron.rb (uses crontab, recommended).
Note: This is being exploited in-the-wild. We reversed the original 0day exploit sent by an anonymous contributor.
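An added example, not part of the original advisory or its exploits: a defender-side check that reads a BOM listing and flags declared permissions that a permission repair run would turn into a foothold. It assumes the tab-separated layout printed by `lsbom` (path, octal mode, uid/gid, then optional size and checksum); the sample listing and the function name `audit_bom_listing` are constructed for illustration.

```python
import stat

# Constructed sample in the tab-separated layout assumed for `lsbom` output:
# path, octal mode, uid/gid, then optional size, checksum and link target.
SAMPLE_LISTING = "\n".join([
    ".\t41775\t0/80",
    "./usr/bin/example\t100755\t0/0\t1234\t987654",
    "./usr/bin/example-suid\t104777\t0/0\t2048\t123456",
    "./private/var/cron/tabs\t40777\t0/0",
    "./private/tmp\t41777\t0/0",
    "./usr/lib/libexample.dylib\t120755\t0/0\t12\t55\tlibexample.1.dylib",
    "truncated-line-without-mode",
])


def audit_bom_listing(text):
    """Return (path, octal_perms, reason) for each risky declared permission."""
    findings = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # not a path/mode/owner record
        path, mode_text = fields[0], fields[1]
        try:
            mode = int(mode_text, 8)
        except ValueError:
            continue  # mode column is not octal, skip the record
        if stat.S_ISLNK(mode):
            continue  # permissions on the link itself are not the concern here
        reasons = []
        world_writable = bool(mode & stat.S_IWOTH)
        sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
        if world_writable and not sticky_dir:
            reasons.append("world-writable")
        special = mode & (stat.S_ISUID | stat.S_ISGID)
        if special and mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("setuid/setgid and writable by non-owner")
        for reason in reasons:
            findings.append((path, oct(mode & 0o7777), reason))
    return findings


if __name__ == "__main__":
    for path, perms, reason in audit_bom_listing(SAMPLE_LISTING):
        print(f"{path}\t{perms}\t{reason}")
```

Running the same check on each BOM before a permission repair operation shows which declared modes would be applied to binaries, cron and log directories.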