CVE-2015-1130

Published: 10/04/2015 Updated: 17/09/2015
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 732
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The XPC implementation in Admin Framework in Apple OS X prior to 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

Vulnerable Product

apple mac os x

Exploits

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    require 'msf/core'

    class Metasploit4 < Msf::Exploit::Local
      Rank = GreatRanking

      include Msf::Post::OSX::System
      include Msf::Exploit::EXE
      include Msf::Exploit::FileDropper

      def initialize(info = {})
        ...

    ########################################################
    #
    # PoC exploit code for rootpipe (CVE-2015-1130)
    #
    # Created by Emil Kvarnhammar, TrueSec
    #
    # Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2
    #
    ########################################################
    import os
    import sys
    import platform
    import re
    import ctypes
    import objc
    import sys
    fr ...

Mac OS X rootpipe local proof of concept privilege escalation exploit ...

This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root ...

Github Repositories

This is a script manipulating a bug in OSX to escalate any user level process to Root privilege.

Python-RootKit-Exploit-OSX: This is a script manipulating a bug in OSX to escalate any user level process to Root privilege. This is not my exploit, I'm going to be documenting how this exploit works for the benefit of myself and others. Timeline: Oct 2nd 2014: First discovery. Oct 3rd 2014: First contact with Apple Product Security Team. Oct 14th 2014: Exploit code shared wi

RootPipe-Demo: This is a Proof-of-Concept Mac Application that demonstrates the RootPipe Privilege Escalation Vulnerability (CVE-2015-1130) identified by Emil Kvarnhammar from TrueSec. This demo was written in Objective-C, ported from the Python PoC here: RootPipe. Usage: To use, simply give a path to a file that you want to have escalated permissions, then provide the path where

RootPipe (CVE-2015-1130) and Phoenix (CVE-2015-3673) vulnerability testing utility for Mac OS X 10.2.8 and later

Table of Contents: What is RootPipe Tester? | Why should I use RootPipe Tester? | How do I use RootPipe Tester? | PANIC!!! My system is vulnerable? Are we all going to die? | OS X 10.10 (Yosemite) | OS X 10.9 (Mavericks) | OS X 10.8 (Mountain Lion) | OS X 10.7 (Lion), Mac OS X 10.6 (Snow Leopard), Mac OS X 10.5 (Leopard), Mac OS X 10.4 (Tiger) | Mac OS X 10.3 (Panther) | Mac OS X 10.2 (Jaguar)

Proof of Concept OS X Application for RootPipe Privilege Escalation Vulnerability (CVE-2015-1130)

RootPipe-Demo: This is a Proof-of-Concept Mac Application that demonstrates the RootPipe Privilege Escalation Vulnerability (CVE-2015-1130) identified by Emil Kvarnhammar from TrueSec. This demo was written in Objective-C, ported from the Python PoC here: RootPipe. Usage: To use, simply give a path to a file that you want to have escalated permissions, then provide the path where

Simple source code analyzer in Go

Code analyzer: A simple code analyzer tool for code repositories. The output shows an overall analysis and also per file in a JSON format. Dependencies: The code has the following dependencies: github.com/gookit/config/json, which can be installed with dep ensure. Build and run: Build the executable: go build -o analyzer. Modify the config.json f

Fifty Shades of rootpipe

rootpipo: Objective-C variant of CVE-2015-1130, aka rootpipe. rootpipe works on OS X 10.9 and OS X < 10.10.3. rootpipe-legacy works on OS X 10.7 and 10.8. rootshell is a handy root shell launcher. Usage: $ /rootpipe rootshell /tmp/pipo $ /tmp/pipo # id $ /rootpipe-legacy rootshell /tmp/pipo $ /tmp/pipo # id Limitations: rootpipe-le

Simple script to help you check for files with execute-as bits set.

SUID Scan: SUID Scan is a lightweight script to help you check for files with execute-as bits set (i.e. the SUID and SGID bits). In general, it is intended for use in distributed environments as a supplement to your routine OS X systems' maintenance cycle. Contents: Download - get the dmg; System Requirements - what you need; Contact - how to reach us; Uninstall - how to remo

Recent Articles

Ex-NSA security bod fanboi: Apple Macs are wide open to malware
The Register • John Leyden • 07 May 2015

'I love Apple products, I just wish they were secure'

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code t...

All Mac owners should migrate to OS X Yosemite 10.10.3 ASAP
The Register • Darren Pauli • 10 Apr 2015

Unless you're happy with an odd root 'backdoor' lurking on your machine, that is

Swedish hacker Emil Kvarnhammar has reported a since-fixed four-year-old local root 'backdoor' in OS X that allows remote attackers to increase the damage of their hacks. Kvarnhammar says the unpublished API, which he dubs a backdoor, grants root access to local users on unpatched boxes. The flaw (CVE-2015-1130) is fixed in Apple's patch run this week but for machines running OS X 10.10.x only. Kvarnhammar says it is useful as a means to bolster remote attacks that use regular user accounts which l...