Monday, June 8, 2009

Apple Mac OS X xnu <= 1228.9.59 Local Kernel Root Exploit

Apple MACOS X xnu <= 1228.9.59 local kernel root exploit
by mu-b - Sat 16 Feb 2008

- Tested on: Apple MACOS X 10.5.1 (xnu-1228.0.2~1/RELEASE_I386)
Apple MACOS X 10.5.2 (xnu-1228.3.13~1/RELEASE_I386)

workqueue_additem and workqueue_removeitem do no validate the user defineable parameter prio. (bsd/kern/pthread_synch.c)

Note: this requires quite a large amount of memory for the heap spray!

Compile: gcc -Wall -O0 -m64 xnu-workq-v2-64.c -o xnu-workq-v2-64 (compile 64-bit ONLY)

http://www.digit-labs.org/ -- Digit-Labs 2008!@$!

------------------------------------------------------

http://www.milw0rm.com/exploits/8896

No comments:

Post a Comment