Vendor: Mac OS X
By: LMH and Kevin Finisterre
CVSS: 7.5 (HIGH)
CWE: 78 (Command Injection)
Product Name: Mac OS X
Affected Version From: Mac OS X 10.4.8 (8L2127)
Affected Version To: Mac OS X 10.4.8 (8L2127)
Patch Exists: NO
Related CWE:
CPE: o:apple:mac_os_x:10.4.8
Platforms Tested: Mac
2007
Exploit for Mac OS X 10.4.8 (8L2127) – Happy New Year Command Injection
This exploit takes advantage of a command injection vulnerability in Mac OS X 10.4.8 (8L2127) to execute arbitrary commands. By modifying the CMD_STRING variable, an attacker can execute any command they desire. The exploit uses a static address for the command string, but this may need to be adjusted depending on the execution method and string length. The payload includes the addresses for system(), setuid(), and the command string. Sleds are also included to allocate large heap chunks for better reliability. This exploit was released on January 1, 2007, and was developed by LMH and Kevin Finisterre.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of Mac OS X. Additionally, ensure that input is properly validated and sanitized before being used in commands.