[Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.
3APA3A
3APA3A at SECURITY.NNOV.RU
Mon Sep 26 17:02:46 BST 2005
Dear [ Suresec Advisories ],
Well... another one reason to do not write messages in HTML - the link
points to adv6.pdf instead of adv7.pdf while the text is correct. Let
readers to choose font and colors to read your message, write it in
plain text.
--
~/ZARAZA
http://www.security.nnov.ru/
--Sunday, September 25, 2005, 4:34:26 PM, you wrote to full-disclosure at lists.grok.org.uk:
SA> Suresec Security Advisory - #00007
SA> 25/09/2005
SA> Mac OS X - malloc() insecure use of environment variable.
SA> Advisory: http://www.suresec.org/advisories/adv7.pdf
SA> Description:
SA> The malloc() function on Mac OS X insecurely trusts a debug
SA> variable, regardless of the fact that the calling application may be
SA> suid root.
SA> This can result in an arbitrary file being overwritten, which
SA> can be used to escalate privileges.
SA> This vulnerability was discovered by Ilja van Sprundel.
Full-Disclosure is hosted and sponsored by Secunia.