Apple MACOS X xnu <= 1228.9.59 local kernel root exploit
by mu-b - Sat 16 Feb 2008
- Tested on: Apple MACOS X 10.5.1 (xnu-1228.0.2~1/RELEASE_I386)
Apple MACOS X 10.5.2 (xnu-1228.3.13~1/RELEASE_I386)
workqueue_additem and workqueue_removeitem do no validate the user defineable parameter prio. (bsd/kern/pthread_synch.c)
Note: this requires quite a large amount of memory for the heap spray!
Compile: gcc -Wall -O0 -m64 xnu-workq-v2-64.c -o xnu-workq-v2-64 (compile 64-bit ONLY)
http://www.digit-labs.org/ -- Digit-Labs 2008!@$!
------------------------------------------------------
http://www.milw0rm.com/exploits/8896
No comments:
Post a Comment