CVE-2015-3673

Published: 03/07/2015 Updated: 22/09/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Admin Framework in Apple OS X prior to 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.

Vulnerable Product

apple mac os x

Exploits

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit4 < Msf::Exploit::Local
      Rank = GreatRanking

      include Msf::Post::OSX::System
      include Msf::Exploit::EXE
      include Msf::Exploit::FileDropper

      def initialize(info = {})
        ...

This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement ...

Github Repositories

RootPipe (CVE-2015-1130) and Phoenix (CVE-2015-3673) vulnerability testing utility for Mac OS X 10.2.8 and later

Table of Contents: What is RootPipe Tester? Why should I use RootPipe Tester? How do I use RootPipe Tester? PANIC!!! My system is vulnerable? Are we all going to die? OS X 10.10 (Yosemite) OS X 10.9 (Mavericks) OS X 10.8 (Mountain Lion) OS X 10.7 (Lion), Mac OS X 10.6 (Snow Leopard), Mac OS X 10.5 (Leopard), Mac OS X 10.4 (Tiger) Mac OS X 10.3 (Panther) Mac OS X 10.2 (Jaguar)